    81 vulnerabilities by Lotus

    VAR-200202-0006

    Vulnerability from variot - Updated: 2026-04-10 23:59

    Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below.

    ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------

    SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). On the management side, SNMP managers communicate with managed network devices such as routers, switches and printers, which are called agents. Because of its wide acceptance in the market, SNMP has become the standard, and SNMP protocol version 1 (SNMPv1) is the most widely implemented. SNMPv1 implementations have problems in decoding and interpreting SNMP trap messages sent from the agent to the manager and SNMP request messages sent from the manager to the agent. If an attacker exploits this problem, the following may occur. Because this is a protocol problem, many other programs that implement the protocol may also be affected.
    ・ If the SNMP service is running on the target host, an attacker could execute arbitrary code
    ・ If a buffer overflow attack is feasible and the host on which the SNMP service is running receives a very long trap message, the application may go into a denial-of-service state
    The effects described above vary from application to application. For details, refer to each product. Please refer to the "Overview" for the impact of this vulnerability.

    Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occurred or otherwise provide information about the status of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. HP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition.

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "3com",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adtran",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "american power conversion",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "aprisma",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bea",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bmc",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cnt",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "comtek services",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cscare",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "carrier access",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "compaq computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "computer associates",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "concord",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dart",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dell",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "digital",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "entrada",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "equinox",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "fluke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "general datacomm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hirschmann",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "iplanet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "itouch",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "infovista",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "inktomi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "innerdive",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ipswitch",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "karlnet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lantronix",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "larscom incorporated",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lucent",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mg soft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "marconi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mercury interactive",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "metrobility optical",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "micromuse",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "monfox",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "multinet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net snmp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network harmoni",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nbase xyplex",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscout",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netsilicon",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscape",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network appliance",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nortel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "novell",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "openwave",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "optical access",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "perle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "powerware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "radware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "redback",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "riverstone",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "snmp research",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sniffer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonicwall",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "symantec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "the sco group sco unix",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "tivoli",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "toshiba",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "unisphere",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vertical",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vina",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "world wide packets",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "xerox",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "e security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net com",
            "version": null
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "snmp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "snmp",
            "version": "*"
          },
          {
            "_id": null,
            "model": "windows 98se",
            "scope": null,
            "trust": 0.9,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "_id": null,
            "model": "windows server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nudesign team",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "outback resource group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "veritas",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bintec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "interniche",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ncipher corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netscreen",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (sparc)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (x86)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (sparc)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (x86)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (sparc)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (x86)"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.00"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.20"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.00"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.24"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "windows 2000",
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "_id": null,
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "_id": null,
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98 scd"
          },
          {
            "_id": null,
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "me"
          },
          {
            "_id": null,
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (server)"
          },
          {
            "_id": null,
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (terminal_srv)"
          },
          {
            "_id": null,
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (workstation)"
          },
          {
            "_id": null,
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "sp3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "windows xp gold",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "_id": null,
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "net snmp",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "net snmp",
            "version": "4.1.1"
          },
          {
            "_id": null,
            "model": "ucd-snmp",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "net snmp",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "snmp",
            "scope": null,
            "trust": 0.6,
            "vendor": "snmp",
            "version": null
          },
          {
            "_id": null,
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.1.2"
          },
          {
            "_id": null,
            "model": "ucd-snmp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "solaris 8 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 8 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 7.0 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "solaris 2.6 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.5"
          },
          {
            "_id": null,
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.4"
          },
          {
            "_id": null,
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.3"
          },
          {
            "_id": null,
            "model": "research mid-level manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "research enterpol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "research dr-web manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "brocade",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6.0"
          },
          {
            "_id": null,
            "model": "networks aos",
            "scope": null,
            "trust": 0.3,
            "vendor": "redback",
            "version": null
          },
          {
            "_id": null,
            "model": "realplayer intranet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "realnetworks",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "software tcpware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "software multinet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.5"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows xp professional",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows xp home",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": "windows nt workstation sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt terminal server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows nt enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "_id": null,
            "model": "windows terminal services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows terminal services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows terminal services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows professional sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows professional sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows datacenter server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows datacenter server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows datacenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows advanced server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows advanced server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "windows advanced server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "_id": null,
            "model": "domino snmp agents solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1x86"
          },
          {
            "_id": null,
            "model": "domino snmp agents solaris sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "domino snmp agents hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "lrs",
            "scope": null,
            "trust": 0.3,
            "vendor": "lantronix",
            "version": null
          },
          {
            "_id": null,
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "solutions router ip console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.406"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "secure os software for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "procurve switch 8000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch 4108gl-bundle",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch 4108gl",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch 4000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2525"
          },
          {
            "_id": null,
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2524"
          },
          {
            "_id": null,
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2512"
          },
          {
            "_id": null,
            "model": "procurve switch 2424m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch 2400m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "procurve switch 1600m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ov/sam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.10"
          },
          {
            "_id": null,
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "openview network node manager nt 4.x/windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.22000"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.211.x"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.210.x"
          },
          {
            "_id": null,
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.111.x"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.110.x"
          },
          {
            "_id": null,
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openview network node manager nt 4.x/windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.02000"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.011.x"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.010.20"
          },
          {
            "_id": null,
            "model": "openview network node manager windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0.23.51/4.0"
          },
          {
            "_id": null,
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "_id": null,
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "_id": null,
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "openview extensible snmp agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openview emanate snmp agent solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.22.x"
          },
          {
            "_id": null,
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.211.x"
          },
          {
            "_id": null,
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.210.20"
          },
          {
            "_id": null,
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.03"
          },
          {
            "_id": null,
            "model": "mc/serviceguard",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.20.00"
          },
          {
            "_id": null,
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.32"
          },
          {
            "_id": null,
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.00"
          },
          {
            "_id": null,
            "model": "ito/vpo/ovo unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.24"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.20"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "ems a.03.20",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ems a.03.10",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ems a.03.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "services nmserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "comtek",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "associates unicenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "computer",
            "version": null
          },
          {
            "_id": null,
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7"
          },
          {
            "_id": null,
            "model": "openunix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "openserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "openserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "web nms msp edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "web nms",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "snmp utilities",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "snmp api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "mediation server",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "management builder",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "fault management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "configuration management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "cli api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "agent toolkit java/jmx edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "agent toolkit c edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "_id": null,
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3000"
          },
          {
            "_id": null,
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1000"
          },
          {
            "_id": null,
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4900"
          },
          {
            "_id": null,
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4400"
          },
          {
            "_id": null,
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3300"
          },
          {
            "_id": null,
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1100"
          },
          {
            "_id": null,
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "50"
          },
          {
            "_id": null,
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "40"
          },
          {
            "_id": null,
            "model": "dual speed hub",
            "scope": null,
            "trust": 0.3,
            "vendor": "3com",
            "version": null
          },
          {
            "_id": null,
            "model": "brocade .0d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "solutions router ip console",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.407"
          },
          {
            "_id": null,
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.21.00"
          },
          {
            "_id": null,
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.32"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ibm:aix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:vvos",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows-9x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_nt",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Discovered by the Oulu University Secure Programming Group.",
        "sources": [
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2002-0012",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2002-0012",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2002-0012",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#107186",
                "trust": 0.8,
                "value": "69.26"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#854306",
                "trust": 0.8,
                "value": "42.64"
              },
              {
                "author": "NVD",
                "id": "CVE-2002-0012",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200202-007",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite.  NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor.  This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. 
On the target host SNMP If the service is running, an attacker could execute arbitrary code \u30fb If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers.  It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU.  It was previously known as UCD-SNMP.  They typically notify the manager that some event has occured or otherwise provide information about the status of the agent. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations.  The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems.  These depend on the individual vulnerabilities in each affected product. \nHP has confirmed that large traps will cause OpenView Network Node Manager to crash.  This may be due to an exploitable buffer overflow condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          }
        ],
        "trust": 4.68
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2002-0012",
            "trust": 3.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "4088",
            "trust": 2.2
          },
          {
            "db": "BID",
            "id": "4732",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4089",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4132",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "5043",
            "trust": 1.3
          },
          {
            "db": "XF",
            "id": "8177",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-007",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "89608",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "89661",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "4203",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          }
        ]
      },
      "id": "VAR-200202-0006",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.489583335
      },
      "last_update_date": "2026-04-10T23:59:45.929000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HPSBUX00184",
            "trust": 0.8,
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00964944"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/RHSA-2001-163.html"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-1"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-3"
          },
          {
            "title": "IBM Information for VU#107186",
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/IAFY-55KRCV"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2001-163J.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.cert.org/advisories/ca-2002-03.html"
          },
          {
            "trust": 2.4,
            "url": "http://www.kb.cert.org/vuls/id/107186"
          },
          {
            "trust": 1.6,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/"
          },
          {
            "trust": 1.6,
            "url": "http://www.cert.org/tech_tips/denial_of_service.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc3000.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1212.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1213.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1215.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1270.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2570.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2571.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2572.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2573.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2574.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2575.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2576.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4088"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4132"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4732"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4089"
          },
          {
            "trust": 1.6,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0012"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/advisories/4211"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-a"
          },
          {
            "trust": 1.0,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
          },
          {
            "trust": 1.0,
            "url": "http://www.iss.net/security_center/alerts/advise110.php"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1048"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a161"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a298"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/5043"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a144"
          },
          {
            "trust": 0.8,
            "url": "http://www.ciac.org/ciac/bulletins/m-042.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/20020213snmp.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020701.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020901.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/at/2002/at020001.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnca-2002-03"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0012"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/8177"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0013"
          },
          {
            "trust": 0.6,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/854306"
          },
          {
            "trust": 0.3,
            "url": "http://online.securityfocus.com/bid/4088"
          },
          {
            "trust": 0.3,
            "url": "http://online.securityfocus.com/bid/4089"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
          },
          {
            "trust": 0.3,
            "url": "http://online.securityfocus.com/news/474"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 0.3,
            "url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#107186",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306",
            "ident": null
          },
          {
            "db": "BID",
            "id": "89608",
            "ident": null
          },
          {
            "db": "BID",
            "id": "89661",
            "ident": null
          },
          {
            "db": "BID",
            "id": "5043",
            "ident": null
          },
          {
            "db": "BID",
            "id": "4732",
            "ident": null
          },
          {
            "db": "BID",
            "id": "4203",
            "ident": null
          },
          {
            "db": "BID",
            "id": "4088",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-007",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000033",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0012",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2002-01-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186",
            "ident": null
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306",
            "ident": null
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608",
            "ident": null
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661",
            "ident": null
          },
          {
            "date": "2002-06-18T00:00:00",
            "db": "BID",
            "id": "5043",
            "ident": null
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732",
            "ident": null
          },
          {
            "date": "2002-02-27T00:00:00",
            "db": "BID",
            "id": "4203",
            "ident": null
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4088",
            "ident": null
          },
          {
            "date": "2002-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200202-007",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000033",
            "ident": null
          },
          {
            "date": "2002-02-13T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-0012",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186",
            "ident": null
          },
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306",
            "ident": null
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608",
            "ident": null
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661",
            "ident": null
          },
          {
            "date": "2009-07-11T13:56:00",
            "db": "BID",
            "id": "5043",
            "ident": null
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732",
            "ident": null
          },
          {
            "date": "2009-07-11T10:56:00",
            "db": "BID",
            "id": "4203",
            "ident": null
          },
          {
            "date": "2009-07-11T10:56:00",
            "db": "BID",
            "id": "4088",
            "ident": null
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200202-007",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000033",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2002-0012",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "5043"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4203"
          },
          {
            "db": "BID",
            "id": "4088"
          }
        ],
        "trust": 1.8
      },
      "title": {
        "_id": null,
        "data": "Multiple vulnerabilities in SNMPv1 trap handling",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200107-0161

    Vulnerability from variot - Updated: 2026-04-10 22:45

    Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148 will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. This leads to network instability and denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents:
    * 120 Reported Vulnerabilities
    * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001
    Brief Description: Linux gftp format string
    Risk Factor: Low
    Attack Type: Network Based
    Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0
    Vulnerability: gftp-format-string
    X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001
    Brief Description: Novell BorderManager VPN client SYN requests denial of service
    Risk Factor: Medium
    Attack Type: Host Based / Network Based
    Platforms Affected: Novell BorderManager 3.5
    Vulnerability: bordermanager-vpn-syn-dos
    X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001
    Brief Description: SAFT sendfiled could allow the execution of arbitrary code
    Risk Factor: Low
    Attack Type: Host Based
    Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile
    Vulnerability: saft-sendfiled-execute-code
    X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001
    Brief Description: Mercury MTA for Novell Netware buffer overflow
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare
    Vulnerability: mercury-mta-bo
    X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001
    Brief Description: QNX allows attacker to read files on FAT partition
    Risk Factor: High
    Attack Type: Host Based / Network Based
    Platforms Affected: QNX 2.4
    Vulnerability: qnx-fat-file-read
    X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001
    Brief Description: Viking Server "dot dot" (...) directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Viking Server 1.0.7
    Vulnerability: viking-dot-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001
    Brief Description: NetCruiser Web Server could reveal directory path
    Risk Factor: High
    Attack Type: Network Based
    Platforms Affected: NetCruiser Web Server 0.1.2.8
    Vulnerability: netcruiser-server-path-disclosure
    X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001
    Brief Description: Perl Web Server directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Perl Web Server 0.3 and prior
    Vulnerability: perl-webserver-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001
    Brief Description: Small HTTP Server /aux denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Small HTTP Server 2.03
    Vulnerability: small-http-aux-dos
    X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001
    Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow
    Risk Factor: Low
    Attack Type: Network Based
    Platforms Affected: IPSwitch Imail 6.06 and earlier
    Vulnerability: ipswitch-imail-smtp-bo
    X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001
    Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data
    Risk Factor: Low
    Attack Type: Network Based
    Platforms Affected: MIT Kerberos 5
    Vulnerability: kerberos-inject-base64-encode
    X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001
    Brief Description: IRIX netprint -n allows attacker to access shared library
    Risk Factor: Low
    Attack Type: Host Based / Network Based
    Platforms Affected: IRIX 6.x
    Vulnerability: irix-netprint-shared-library
    X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001
    Brief Description: WebXQ "dot dot" directory traversal
    Risk Factor: High
    Attack Type: Network Based
    Platforms Affected: Windows, WebXQ 2.1.204
    Vulnerability: webxq-dot-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001
    Brief Description: RaidenFTPD "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1
    Vulnerability: raidenftpd-dot-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001
    Brief Description: PerlCal CGI cal_make.pl script directory traversal
    Risk Factor: High
    Attack Type: Network Based
    Platforms Affected: Unix, PerlCal 2.95 and prior
    Vulnerability: perlcal-calmake-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001
    Brief Description: ICQ Web Front plugin denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier
    Vulnerability: icq-webfront-dos
    X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001
    Brief Description: Alex FTP Server "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: Alex's FTP Server 0.7
    Vulnerability: alex-ftp-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001
    Brief Description: BRS WebWeaver FTP path disclosure
    Risk Factor: High
    Attack Type: Network Based
    Platforms Affected: BRS WebWeaver 0.63
    Vulnerability: webweaver-ftp-path-disclosure
    X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001
    Brief Description: BRS WebWeaver Web server "dot dot" directory traversal
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: BRS WebWeaver 0.63
    Vulnerability: webweaver-web-directory-traversal
    X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001
    Brief Description: Winamp AIP buffer overflow
    Risk Factor: Low
    Attack Type: Host Based / Network Based
    Platforms Affected: Winamp 2.6x and 2.7x
    Vulnerability: winamp-aip-bo
    X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001
    Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME
    Vulnerability: bearshare-dot-download-files
    X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001
    Brief Description: IIS 5.0 ISAPI extension buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server
    Vulnerability: iis-isapi-bo
    X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "6.1\\(1c\\)"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "5.5\\(6\\)"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.5.10"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "5.5\\(4b\\)"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.5\\(11\\)"
          },
          {
            "_id": null,
            "model": "catos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "6.1\\(2\\)"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "catos",
            "version": "4.5(11)"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "catos",
            "version": "4.5.10"
          },
          {
            "_id": null,
            "model": "5.5",
            "scope": null,
            "trust": 0.2,
            "vendor": "catos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "catos",
            "version": "5.5(6)"
          },
          {
            "_id": null,
            "model": "6.1",
            "scope": null,
            "trust": 0.2,
            "vendor": "catos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "catos",
            "version": "6.1(2)"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "catos",
            "version": "6.1.2"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Discovered and posted to Bugtraq by \u003cpeter.grundl@defcom.com\u003e on April 11, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2599"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0429",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0429",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "bbed9956-23ce-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3248",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0429",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#890128",
                "trust": 0.8,
                "value": "5.07"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#642760",
                "trust": 0.8,
                "value": "10.50"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-020",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "bbed9956-23ce-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3248",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. \nDIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. This leads to network instability and denial of service. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 
1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            
http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA 
Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          
ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:         
 04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability: 
         solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:        
    Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability: 
         nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief 
Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack 
Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          
04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          
sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:        
  sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:     
       Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host 
Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba 
tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow 
file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat 
Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief 
Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            
http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware 
buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          
small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          
04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:   
       winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0429",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "2604",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2575",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2598",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.7
          },
          {
            "db": "CISCO",
            "id": "20010416 CATALYST 5000 SERIES 802.1X VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CIAC",
            "id": "L-072",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "8021",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "BBED9956-23CE-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          }
        ]
      },
      "id": "VAR-200107-0161",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248"
          }
        ],
        "trust": 0.03
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:45:33.104000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2604"
          },
          {
            "trust": 1.7,
            "url": "http://www.ciac.org/ciac/bulletins/l-072.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6379"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2575"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2598"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.lotus.com/home.nsf/welcome/domino"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0429"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3248",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0429",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-02T00:00:00",
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3248",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-020",
            "ident": null
          },
          {
            "date": "2001-07-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0429",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3248",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-020",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0429",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Cisco Catalyst Switch Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "unknown",
        "sources": [
          {
            "db": "IVD",
            "id": "bbed9956-23ce-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-020"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-200107-0175

    Vulnerability from variot - Updated: 2026-04-10 22:45

    GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. The process has to be manually restarted to resume normal operation. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148 will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. GoAhead webserver version 2.1 has a vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents:
    * 120 Reported Vulnerabilities
    * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "webserver",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "goahead",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "software goahead webserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "goahead",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2607"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "This vulnerability was announced to Bugtraq by nemesystm \u003cneme-dhc@hushmail.com\u003e on April 17, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2607"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-0385",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0385",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3204",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0385",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#890128",
                "trust": 0.8,
                "value": "5.07"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#642760",
                "trust": 0.8,
                "value": "10.50"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-037",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3204",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. The GoAhead Web Server is a freely available, open source software package developed by GoAhead.  The GoAhead Web Server offers a multi-platform web server and source code to the community.  The process has to be manually restarted to resume normal operation. \nDIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. GoAhead webserver version 2.1 has a vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 
1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            
http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA 
Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          
ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:         
 04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability: 
         solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:        
    Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability: 
         nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief 
Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack 
Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          
04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          
sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:        
  sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:     
       Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host 
Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba 
tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow 
file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat 
Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief 
Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            
http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware 
buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          
small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          
04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:   
       winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2607"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.78
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-3204",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "2607",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "6664",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "81099",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2575",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2598",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010417 ADVISORY FOR GOAHEAD WEBSERVER V2.1",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74628",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "20770",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          },
          {
            "db": "BID",
            "id": "2607"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          }
        ]
      },
      "id": "VAR-200107-0175",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:45:30.571000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2607"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/6664"
          },
          {
            "trust": 1.1,
            "url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/81099"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6400"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2575"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2598"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/6400"
          },
          {
            "trust": 0.3,
            "url": "http://www.lotus.com/home.nsf/welcome/domino"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3204",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2607",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0385",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3204",
            "ident": null
          },
          {
            "date": "2001-04-17T00:00:00",
            "db": "BID",
            "id": "2607",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-037",
            "ident": null
          },
          {
            "date": "2001-07-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0385",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3204",
            "ident": null
          },
          {
            "date": "2009-07-11T06:06:00",
            "db": "BID",
            "id": "2607",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-037",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0385",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to a denial of service via DOS device request",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "2607"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-037"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200106-0199

    Vulnerability from variot - Updated: 2026-04-10 22:29

    banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148 will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. banners.php in PHP-Nuke 4.4 and previous versions is vulnerable.

    Internet Security Systems Security Alert Summary
    May 10, 2001
    Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/

    To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php

    Contents:
    * 120 Reported Vulnerabilities
    * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "php-nuke",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Reported to bugtraq by Juan Diego \u003cdiego@linuxcolombia.com.co\u003e on Mon, 2 Apr 2001",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2001-0383",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0383",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3202",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0383",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#890128",
                "trust": 0.8,
                "value": "5.07"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#642760",
                "trust": 0.8,
                "value": "10.50"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-087",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3202",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. \nDIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. PHP-Nuke 4.4 and previous versions of banners.php have vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 
1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            
http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA 
Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          
ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:         
 04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability: 
         solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:        
    Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability: 
         nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief 
Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack 
Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          
04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          
sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:        
  sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:     
       Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host 
Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba 
tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow 
file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat 
Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief 
Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            
http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware 
buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          
small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          
04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:   
       winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.51
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-3202",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0383",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2544",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2575",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2598",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010401 PHP-NUKE EXPLOIT...",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "20729",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74591",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          }
        ]
      },
      "id": "VAR-200106-0199",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:29:17.609000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2544"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html"
          },
          {
            "trust": 1.7,
            "url": "http://phpnuke.org/download.php?dcategory=fixes"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6342"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2575"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2598"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.lotus.com/home.nsf/welcome/domino"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0383"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3202",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0383",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3202",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-087",
            "ident": null
          },
          {
            "date": "2001-06-18T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0383",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3202",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-087",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0383",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to a denial of service via DOS device request",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200107-0173

    Vulnerability from variot - Updated: 2026-04-10 22:05

    Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148 will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host.

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary
    May 10, 2001
    Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/

    To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents:
    * 120 Reported Vulnerabilities
    * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "cbos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.3.053"
          },
          {
            "_id": null,
            "model": "cbos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.4.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Discovered and posted to Bugtraq by \u003cpeter.grundl@defcom.com\u003e on April 11, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2599"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0444",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2001-0444",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-3263",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0444",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#890128",
                "trust": 0.8,
                "value": "5.07"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#642760",
                "trust": 0.8,
                "value": "10.50"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-038",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3263",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco CBOS 2.3.0.053 sends output of the \"sh nat\" (aka \"show nat\") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. \nDIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 
1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            
http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA 
Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          
ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:         
 04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability: 
         solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:        
    Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability: 
         nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief 
Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack 
Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          
04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          
sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:        
  sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:     
       Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host 
Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba 
tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow 
file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat 
Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief 
Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            
http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware 
buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          
small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          
04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:   
       winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0444",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2635",
            "trust": 1.7
          },
          {
            "db": "OSVDB",
            "id": "1796",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2575",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2598",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010420 BUG IN CISCO CBOS V2.3.0.053",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          }
        ]
      },
      "id": "VAR-200107-0173",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3263"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:05:38.698000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2635"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/1796"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6453"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2575"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2598"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.lotus.com/home.nsf/welcome/domino"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263"
          },
          {
            "db": "BID",
            "id": "2599"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0444"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3263",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0444",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3263",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-038",
            "ident": null
          },
          {
            "date": "2001-07-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0444",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#890128",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#642760",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3263",
            "ident": null
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2599",
            "ident": null
          },
          {
            "date": "2005-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-038",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0444",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to a denial of service via DOS device request",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#890128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-038"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0035

    Vulnerability from variot - Updated: 2026-03-09 23:08

    Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. The Microsoft Windows ISAPI extension contains a buffer overflow vulnerability because part of the code that processes input parameters contains a buffer that is not checked for upper bounds. Arbitrary code may be executed with Local System privileges. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200106-0035",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "advanced server (iis 5.0 when operating )"
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "datacenter server (iis 5.0 when operating )"
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "professional (iis 5.0 when operating )"
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "server (iis 5.0 when operating )"
          },
          {
            "model": "windows 2000",
            "scope": null,
            "trust": 0.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microsoft:iis",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Riley Hassell\u203b riley@eeye.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2001-0241",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0241",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0241",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#516648",
                "trust": 0.8,
                "value": "54.00"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "NVD",
                "id": "CVE-2001-0241",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-123",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          },
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "2674",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241",
            "trust": 2.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#516648",
            "trust": 1.6
          },
          {
            "db": "OSVDB",
            "id": "3323",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061",
            "trust": 0.8
          },
          {
            "db": "MS",
            "id": "MS01-023",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:1068",
            "trust": 0.6
          },
          {
            "db": "CERT/CC",
            "id": "CA-2001-10",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010501 WINDOWS 2000 IIS 5.0 REMOTE BUFFER OVERFLOW VULNERABILITY (REMOTE SYSTEM LEVEL ACCESS)",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "id": "VAR-200106-0035",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2026-03-09T23:08:47.953000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MS01-023",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx"
          },
          {
            "title": "MS01-023",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-023.mspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://www.securityfocus.com/bid/2674"
          },
          {
            "trust": 2.4,
            "url": "http://www.cert.org/advisories/ca-2001-10.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.osvdb.org/3323"
          },
          {
            "trust": 1.4,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms01-023.asp"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1068"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485"
          },
          {
            "trust": 1.0,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98874912915948\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "http://www.eeye.com/html/research/advisories/ad20010501.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/iis5chk.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/tools.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/downloads/release.asp?releaseid=29321"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0241"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0241"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/516648"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98874912915948\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1068"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-05-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636"
          },
          {
            "date": "2001-05-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "date": "2001-06-27T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#516648"
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000061"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0241"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#516648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-123"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0149

    Vulnerability from variot - Updated: 2026-03-09 22:53

    Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "imail",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ipswitch",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ipswitch",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0494",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0494",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3312",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0494",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-136",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3312",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "OSVDB",
            "id": "5610",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010424 IPSWITCH IMAIL 6.06 SMTP REMOTE SYSTEM ACCESS VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          }
        ]
      },
      "id": "VAR-200106-0149",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3312"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:53:45.338000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html"
          },
          {
            "trust": 1.7,
            "url": "http://ipswitch.com/support/imail/news.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/5610"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3312",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0494",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-06-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3312",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-06-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-136",
            "ident": null
          },
          {
            "date": "2001-06-27T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0494",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3312",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-136",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0494",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-136"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0168

    Vulnerability from variot - Updated: 2026-03-09 22:21

    Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account.

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary
    May 10, 2001
    Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/
    To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents:
    * 120 Reported Vulnerabilities
    * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "content services switch 11050",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "_id": null,
            "model": "content services switch 11150",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "_id": null,
            "model": "content services switch 11800",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "content services switch 11150",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "content services switch 11050",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "content services switch 11800",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "This vulnerability was announced to Bugtraq in a Cisco Security Advisory dated April 4, 2001.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2001-0412",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2001-0412",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-3231",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0412",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#601312",
                "trust": 0.8,
                "value": "9.98"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-094",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3231",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 
1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            
http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA 
Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          
ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:         
 04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability: 
         solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:        
    Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability: 
         nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief 
Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack 
Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          
04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          
sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:        
  sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:     
       Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host 
Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba 
tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow 
file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat 
Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief 
Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            
http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware 
buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          
small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          
04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:   
       winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "OSVDB",
            "id": "1784",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2559",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2565",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.7
          },
          {
            "db": "CISCO",
            "id": "20010404 CISCO CONTENT SERVICES SWITCH USER ACCOUNT VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          }
        ]
      },
      "id": "VAR-200106-0168",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3231"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:21:16.532000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2559"
          },
          {
            "trust": 1.7,
            "url": "http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/1784"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6322"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2565"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3231",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0412",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3231",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-094",
            "ident": null
          },
          {
            "date": "2001-06-18T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0412",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3231",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-094",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0412",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to DoS via crafted HTTP header requests",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-094"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200107-0019

    Vulnerability from variot - Updated: 2026-03-09 21:53

    Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. A potential denial of service condition may exist in Cisco's IOS firmware. The problem reportedly occurs when a large number of UDP packets are sent to a device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful.

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "cisco",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "cisco",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(3\\)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(2\\)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(7\\)t"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(5\\)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(6\\)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(1\\)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "12.0\\(4\\)"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.7"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.6"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.5"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.4"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.3"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0.1"
          },
          {
            "_id": null,
            "model": "ios 12.0 t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0(5)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0(3)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-1097",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1097",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3902",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1097",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-173",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3902",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. A potential denial of service condition may exist in Cisco\u0027s IOS firmware. \nThe problem reportedly occurs when a large number of UDP packets are sent to device running IOS.  This causes the system to use all available CPU resources and thus become unresponsive.  The device may have to be reset manually if the attack is successful",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          }
        ],
        "trust": 2.97
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-3902",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-1097",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "3096",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6913",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010724 UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010811 RE: UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21028",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74875",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          }
        ]
      },
      "id": "VAR-200107-0019",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:53:47.141000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/3096"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/199558"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6913"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=99749327219189\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/6913.php"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=99749327219189\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=99749327219189\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1097"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3902",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "BID",
            "id": "3096",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-173",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1097",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-07-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3902",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-07-25T00:00:00",
            "db": "BID",
            "id": "3096",
            "ident": null
          },
          {
            "date": "2001-07-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-173",
            "ident": null
          },
          {
            "date": "2001-07-24T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-1097",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3902",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2015-03-19T08:49:00",
            "db": "BID",
            "id": "3096",
            "ident": null
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-173",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-1097",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "BID",
            "id": "3096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200107-0160

    Vulnerability from variot - Updated: 2026-03-09 21:36

    Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. Cisco VPN 3000 Series Concentrator versions prior to 2.5.2(F) have a vulnerability. -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents: * 120 Reported Vulnerabilities * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported:      04/24/2001
    Brief Description:  Perl Web Server directory traversal
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: Perl Web Server 0.3 and prior
    Vulnerability:      perl-webserver-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6451.php

    Date Reported:      04/24/2001
    Brief Description:  Small HTTP Server /aux denial of service
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: Small HTTP Server 2.03
    Vulnerability:      small-http-aux-dos
    X-Force URL:        http://xforce.iss.net/static/6446.php

    Date Reported:      04/24/2001
    Brief Description:  IPSwitch IMail SMTP daemon mailing list handler buffer overflow
    Risk Factor:        Low
    Attack Type:        Network Based
    Platforms Affected: IPSwitch Imail 6.06 and earlier
    Vulnerability:      ipswitch-imail-smtp-bo
    X-Force URL:        http://xforce.iss.net/static/6445.php

    Date Reported:      04/25/2001
    Brief Description:  MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data
    Risk Factor:        Low
    Attack Type:        Network Based
    Platforms Affected: MIT Kerberos 5
    Vulnerability:      kerberos-inject-base64-encode
    X-Force URL:        http://xforce.iss.net/static/6454.php

    Date Reported:      04/26/2001
    Brief Description:  IRIX netprint -n allows attacker to access shared library
    Risk Factor:        Low
    Attack Type:        Host Based / Network Based
    Platforms Affected: IRIX 6.x
    Vulnerability:      irix-netprint-shared-library
    X-Force URL:        http://xforce.iss.net/static/6473.php

    Date Reported:      04/26/2001
    Brief Description:  WebXQ "dot dot" directory traversal
    Risk Factor:        High
    Attack Type:        Network Based
    Platforms Affected: Windows, WebXQ 2.1.204
    Vulnerability:      webxq-dot-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6466.php

    Date Reported:      04/26/2001
    Brief Description:  RaidenFTPD "dot dot" directory traversal
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1
    Vulnerability:      raidenftpd-dot-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6455.php

    Date Reported:      04/27/2001
    Brief Description:  PerlCal CGI cal_make.pl script directory traversal
    Risk Factor:        High
    Attack Type:        Network Based
    Platforms Affected: Unix, PerlCal 2.95 and prior
    Vulnerability:      perlcal-calmake-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6480.php

    Date Reported:      04/28/2001
    Brief Description:  ICQ Web Front plugin denial of service
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier
    Vulnerability:      icq-webfront-dos
    X-Force URL:        http://xforce.iss.net/static/6474.php

    Date Reported:      04/28/2001
    Brief Description:  Alex FTP Server "dot dot" directory traversal
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: Alex's FTP Server 0.7
    Vulnerability:      alex-ftp-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6475.php

    Date Reported:      04/28/2001
    Brief Description:  BRS WebWeaver FTP path disclosure
    Risk Factor:        High
    Attack Type:        Network Based
    Platforms Affected: BRS WebWeaver 0.63
    Vulnerability:      webweaver-ftp-path-disclosure
    X-Force URL:        http://xforce.iss.net/static/6477.php

    Date Reported:      04/28/2001
    Brief Description:  BRS WebWeaver Web server "dot dot" directory traversal
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: BRS WebWeaver 0.63
    Vulnerability:      webweaver-web-directory-traversal
    X-Force URL:        http://xforce.iss.net/static/6476.php

    Date Reported:      04/29/2001
    Brief Description:  Winamp AIP buffer overflow
    Risk Factor:        Low
    Attack Type:        Host Based / Network Based
    Platforms Affected: Winamp 2.6x and 2.7x
    Vulnerability:      winamp-aip-bo
    X-Force URL:        http://xforce.iss.net/static/6479.php

    Date Reported:      04/29/2001
    Brief Description:  BearShare "dot dot" allows remote attacker to traverse directories and download any file
    Risk Factor:        Medium
    Attack Type:        Network Based
    Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME
    Vulnerability:      bearshare-dot-download-files
    X-Force URL:        http://xforce.iss.net/static/6481.php

    Date Reported:      05/01/2001
    Brief Description:  IIS 5.0 ISAPI extension buffer overflow
    Risk Factor:        High
    Attack Type:        Network Based
    Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server
    Vulnerability:      iis-isapi-bo
    X-Force URL:        http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator series software",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.5.2.c"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator series software",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.5.2.b"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator series software",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.5.2.a"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator series software",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "2.5.2.d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.5.2.a"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.5.2.d"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.5.2.c"
          },
          {
            "_id": null,
            "model": "vpn 3000 concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.5.2.b"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0428",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0428",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3247",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0428",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#601312",
                "trust": 0.8,
                "value": "9.98"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-021",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3247",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. Cisco VPN 3000 Series Concentrator versions prior to 2.5.2(F) have a vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! 
masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:          navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        
Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            
http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief 
Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network 
Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:          04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            
http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL 
modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force 
URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability:          nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA 
denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected: 
    Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC 
ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            
http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:          
  http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 
5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          
cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack 
Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior 
to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer 
overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            
Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged 
information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, 
Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          
04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms 
Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:         
 04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:          winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. 
\n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. 
Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0428",
            "trust": 1.7
          },
          {
            "db": "OSVDB",
            "id": "1786",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2573",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2565",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.7
          },
          {
            "db": "CISCO",
            "id": "20010412 VPN 3000 CONCENTRATOR IP OPTIONS VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          }
        ]
      },
      "id": "VAR-200107-0160",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3247"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:36:34.239000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2573"
          },
          {
            "trust": 1.7,
            "url": "http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/1786"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6360"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2565"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0428"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3247",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0428",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3247",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-021",
            "ident": null
          },
          {
            "date": "2001-07-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0428",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3247",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-021",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0428",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to DoS via crafted HTTP header requests",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-021"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0092

    Vulnerability from variot - Updated: 2026-03-09 20:38

    Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "pix firewall 520",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "_id": null,
            "model": "pix firewall 515",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "pix firewall 520",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "pix firewall 515",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0375",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-0375",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3194",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-0375",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-095",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3194",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-3194",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0375",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2551",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010406 PIX FIREWALL 5.1 DOS VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20011003 CISCO PIX FIREWALL AUTHENTICATION DENIAL OF SERVICE VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74596",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "20734",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          }
        ]
      },
      "id": "VAR-200106-0092",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T20:38:09.301000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2551"
          },
          {
            "trust": 1.7,
            "url": "http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=98658271707833\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6353"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98658271707833\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/6353"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0375"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-3194",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0375",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3194",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-095",
            "ident": null
          },
          {
            "date": "2001-06-18T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0375",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3194",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2005-05-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-095",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-0375",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-095"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201202-0137

    Vulnerability from variot - Updated: 2026-03-09 20:07

    Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16.


    TITLE: Symantec Products KeyView File Processing Vulnerabilities

    SECUNIA ADVISORY ID: SA51365

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51365/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51365

    RELEASE DATE: 2012-11-21

    DESCRIPTION: Symantec has acknowledged some vulnerabilities in multiple products, which can be exploited by malicious people to compromise a vulnerable system.

    For more information: SA51362

    The vulnerabilities are reported in the following products:

    • Symantec Mail Security for Microsoft Exchange (SMSMSE) versions 6.5.x
    • Symantec Mail Security for Domino (SMSDOM) versions 8.1.x
    • Symantec Messaging Gateway (SMG) versions 9.5.x
    • Symantec Data Loss Prevention (DLP) Enforce/Detection Servers for Windows versions 11.x
    • Symantec Data Loss Prevention Enforce/Detection Servers for Linux versions 11.x
    • Symantec Data Loss Prevention Endpoint Agents versions 11.x

    SOLUTION: Update or upgrade to a fixed version.

    ORIGINAL ADVISORY: Symantec: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121120_00

    US-CERT: http://www.kb.cert.org/vuls/id/849841


    Ubuntu Security Notice USN-1367-2
    February 17, 2012

    firefox vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    Firefox could be made to crash or run programs as your login if it opened a specially crafted file.

    Original advisory details:

    Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression.

    Gentoo Linux Security Advisory GLSA 201206-15

    http://security.gentoo.org/

    Severity: Normal
    Title: libpng: Multiple vulnerabilities
    Date: June 22, 2012
    Bugs: #373967, #386185, #401987, #404197, #410153
    ID: 201206-15


    Synopsis

    Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. It is used by several programs, including web browsers and potentially server processes.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
      1  media-libs/libpng           < 1.5.10                 >= 1.5.10
                                                             *>= 1.2.49

    Description

    Multiple vulnerabilities have been discovered in libpng:

    • The "embedded_profile_len()" function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063).
    • The "png_format_buffer()" function in pngerror.c contains an off-by-one error (CVE-2011-2501).
    • The "png_rgb_to_gray()" function in pngrtran.c contains an integer overflow error (CVE-2011-2690).
    • The "png_err()" function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691).
    • The "png_handle_sCAL()" function in pngrutil.c improperly handles malformed sCAL chunks (CVE-2011-2692).
    • The "png_decompress_chunk()" function in pngrutil.c contains an integer overflow error (CVE-2011-3026).
    • The "png_inflate()" function in pngrutil.c contains an out of bounds error (CVE-2011-3045).
    • The "png_set_text_2()" function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048).
    • The "png_formatted_warning()" function in pngerror.c contains an off-by-one error (CVE-2011-3464).

    Workaround

    There is no known workaround at this time.

    Resolution

    All libpng 1.5 users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10"

    All libpng 1.2 users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49"

    Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

    References

    [ 1 ] CVE-2009-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063
    [ 2 ] CVE-2011-2501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501
    [ 3 ] CVE-2011-2690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690
    [ 4 ] CVE-2011-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691
    [ 5 ] CVE-2011-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692
    [ 6 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026
    [ 7 ] CVE-2011-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045
    [ 8 ] CVE-2011-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048
    [ 9 ] CVE-2011-3464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201206-15.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Summary:

    Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

    The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

    1. Description:

    SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.

    A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. (CVE-2011-3026)

    All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

    1. Bugs fixed (http://bugzilla.redhat.com/):

    790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk

    1. Package List:

    Red Hat Enterprise Linux AS version 4:

    Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm

    i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm

    ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm

    ppc: seamonkey-1.0.9-79.el4.ppc.rpm seamonkey-chat-1.0.9-79.el4.ppc.rpm seamonkey-debuginfo-1.0.9-79.el4.ppc.rpm seamonkey-devel-1.0.9-79.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-79.el4.ppc.rpm seamonkey-js-debugger-1.0.9-79.el4.ppc.rpm seamonkey-mail-1.0.9-79.el4.ppc.rpm

    s390: seamonkey-1.0.9-79.el4.s390.rpm seamonkey-chat-1.0.9-79.el4.s390.rpm seamonkey-debuginfo-1.0.9-79.el4.s390.rpm seamonkey-devel-1.0.9-79.el4.s390.rpm seamonkey-dom-inspector-1.0.9-79.el4.s390.rpm seamonkey-js-debugger-1.0.9-79.el4.s390.rpm seamonkey-mail-1.0.9-79.el4.s390.rpm

    s390x: seamonkey-1.0.9-79.el4.s390x.rpm seamonkey-chat-1.0.9-79.el4.s390x.rpm seamonkey-debuginfo-1.0.9-79.el4.s390x.rpm seamonkey-devel-1.0.9-79.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-79.el4.s390x.rpm seamonkey-js-debugger-1.0.9-79.el4.s390x.rpm seamonkey-mail-1.0.9-79.el4.s390x.rpm

    x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm

    Red Hat Enterprise Linux Desktop version 4:

    Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm

    i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm

    x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm

    Red Hat Enterprise Linux ES version 4:

    Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm

    i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm

    ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm

    x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm

    Red Hat Enterprise Linux WS version 4:

    Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm

    i386: seamonkey-1.0.9-79.el4.i386.rpm seamonkey-chat-1.0.9-79.el4.i386.rpm seamonkey-debuginfo-1.0.9-79.el4.i386.rpm seamonkey-devel-1.0.9-79.el4.i386.rpm seamonkey-dom-inspector-1.0.9-79.el4.i386.rpm seamonkey-js-debugger-1.0.9-79.el4.i386.rpm seamonkey-mail-1.0.9-79.el4.i386.rpm

    ia64: seamonkey-1.0.9-79.el4.ia64.rpm seamonkey-chat-1.0.9-79.el4.ia64.rpm seamonkey-debuginfo-1.0.9-79.el4.ia64.rpm seamonkey-devel-1.0.9-79.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm seamonkey-js-debugger-1.0.9-79.el4.ia64.rpm seamonkey-mail-1.0.9-79.el4.ia64.rpm

    x86_64: seamonkey-1.0.9-79.el4.x86_64.rpm seamonkey-chat-1.0.9-79.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm seamonkey-devel-1.0.9-79.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm seamonkey-mail-1.0.9-79.el4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2011-3026.html https://access.redhat.com/security/updates/classification/#critical

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2012 Red Hat, Inc.

    APPLE-SA-2012-09-19-1 iOS 6

    iOS 6 is now available and addresses the following:

    CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook

    CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144

    CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC

    DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc.

    ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167

    ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328

    ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting

    ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative

    International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599

    IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team

    Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team

    Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg

    libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla

    Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team

    Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch

    Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher

    Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC

    Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies

    OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issue was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc.

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc.

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ)

    Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB

    Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School

    Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have led the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum

    Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle

    System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743

    Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g

    Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g

    UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. 
Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. 
CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team 
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue

    WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross-site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple

    WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov

    WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross-site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel

    WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple

    Installation note:

    This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

    The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

    To check that the iPhone, iPod touch, or iPad has been updated:

    • Navigate to Settings
    • Select General
    • Select About. The version after applying this update will be "6.0".

    Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0137",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 2.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "chrome",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "google",
            "version": "17.0.963.56"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "11.4"
          },
          {
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "6.0"
          },
          {
            "model": "mac os x server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.7.0"
          },
          {
            "model": "mac os x server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.7.5"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.7.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6.8"
          },
          {
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.7.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6.8"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "autonomy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ca",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "emc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hyland",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nuance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "palisade",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "proofpoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trend micro",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trustwave",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "verdasys",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "websense",
            "version": null
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.100"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.11"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.8"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.42"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "linux enterprise sdk sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "16.0.912.75"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.203"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1.1"
          },
          {
            "model": "aura session manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.105"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.7"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.7"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1"
          },
          {
            "model": "beta01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.27"
          },
          {
            "model": "messaging storage server sp8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.213"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.306"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "model": "firefox beta10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.11"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.208"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.4"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "firefox beta6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "lotus notes fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.34"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.15"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.12"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.4"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.21"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.127"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.16"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.7.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.44"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.225"
          },
          {
            "model": "lotus notes fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.33"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.8"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "chrome",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "google",
            "version": "17.0.963.56"
          },
          {
            "model": "messaging storage server sp9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.107"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.219"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.36"
          },
          {
            "model": "application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "aura system platform sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.218"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.217"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4.1"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.19"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.8"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.20"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0.1"
          },
          {
            "model": "linux enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.1"
          },
          {
            "model": "aura experience portal sp2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.3"
          },
          {
            "model": "lotus notes fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.32"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "firefox rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "15.0.874.120"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.77"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.0.3"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "firefox beta8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.209"
          },
          {
            "model": "productions pale moon",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "3.6.30"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.226"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.16"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.10"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.11"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.14"
          },
          {
            "model": "beta01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "15.0.874.121"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.17"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura presence services sp2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.13"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "16.0.912.77"
          },
          {
            "model": "beta19",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.15"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.13"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.112"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.11"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.7"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.12"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.9"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.15"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.4"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.216"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.24"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.344"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "aura application server sip core pb23",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.1.1"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.215"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.200"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.19"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.19"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "seamonkey beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.02"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14.0.835.202"
          },
          {
            "model": "seamonkey alpha2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "lotus notes fp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "iron",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "srware",
            "version": "18.0.1050.0"
          },
          {
            "model": "firefox beta4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.57"
          },
          {
            "model": "conferencing standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.18"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.303"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.0"
          },
          {
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.18"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.23"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.211"
          },
          {
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.18"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.104"
          },
          {
            "model": "enterprise linux desktop version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "8.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.12"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.8"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.13"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.10"
          },
          {
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.17"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.26"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "11.0.700.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.024"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "aura communication manager utility services sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.16.1.0.9.8"
          },
          {
            "model": "productions pale moon",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "3.6.29"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.17"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.13"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.11"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.215"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.0"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.14"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "storwize unified",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.23"
          },
          {
            "model": "lotus notes",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.4"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.20"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.302"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.310"
          },
          {
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.4"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.5"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "16.0.91275"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.9"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.14"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.27"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.7"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.9"
          },
          {
            "model": "conferencing standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.13"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.8"
          },
          {
            "model": "linux enterprise software development kit sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.15"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.15"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "11.0.700.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.4"
          },
          {
            "model": "firefox rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13.0.782.107"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.18"
          },
          {
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.202"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.16"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.20"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.25"
          },
          {
            "model": "message networking sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.11"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.68"
          },
          {
            "model": "message networking sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "linux enterprise server for vmware sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.549.0"
          },
          {
            "model": "seamonkey rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "11.0.700.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "firefox beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.13"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.63"
          },
          {
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.3"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.207"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "productions pale moon",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "9.2"
          },
          {
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.0.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.22"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.9"
          },
          {
            "model": "messaging storage server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "thunderbird",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14.0.835.186"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.3"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "informix genero",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.41"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.18"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "13.0.800.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "16.0.912.63"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.5"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.3"
          },
          {
            "model": "message networking sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.26"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.94"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.17"
          },
          {
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.0"
          },
          {
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.223"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.10"
          },
          {
            "model": "firefox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.27"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "model": "voice portal sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.8.3"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1.1"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "model": "thunderbird esr",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "tv",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.9.3"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "13"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "aura application server sip core pb19",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.204"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.551.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.128"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.3"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.301"
          },
          {
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.0"
          },
          {
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.14"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.7"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.222"
          },
          {
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.65"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.6"
          },
          {
            "model": "seamonkey 2.1b2",
            "scope": null,
            "trust": 0.3,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.9"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.15"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4.3"
          },
          {
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.1.0"
          },
          {
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.23"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "13.0"
          },
          {
            "model": "seamonkey beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.01"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.112"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.05"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6"
          },
          {
            "model": "linux enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.7"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.100"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.5"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.45"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.1"
          },
          {
            "model": "productions pale moon",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "3.6.26"
          },
          {
            "model": "firefox beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.10"
          },
          {
            "model": "productions pale moon",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "3.6.27"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5"
          },
          {
            "model": "firefox esr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.2"
          },
          {
            "model": "storwize unified",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.40"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.3"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.62"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.10"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "16"
          },
          {
            "model": "linux lts lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.1"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.12"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.34"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.551.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.10"
          },
          {
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.23"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.13"
          },
          {
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "model": "aura system manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.2"
          },
          {
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "seamonkey alpha1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4.2"
          },
          {
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12"
          },
          {
            "model": "beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.101"
          },
          {
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "seamonkey alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.03"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.17"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.15"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.212"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.12"
          },
          {
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "15.0.874102"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.14"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.206"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.37"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.133"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.2"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "15.0.900.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.22"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "6.0.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "17.0.963.46"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.10"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.3"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.12"
          },
          {
            "model": "seamonkey alpha3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.1"
          },
          {
            "model": "aura session manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "model": "conferencing standard edition sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.220"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.101"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1.2"
          },
          {
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.14"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.12"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.18"
          },
          {
            "model": "firefox beta9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.13"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "9.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0.1"
          },
          {
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.19"
          },
          {
            "model": "linux enterprise server sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.20"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.43"
          },
          {
            "model": "firefox beta5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.5.6"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.300"
          },
          {
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.2"
          },
          {
            "model": "aura application server sip core pb26",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.10"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.3"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.221"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "7"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.102"
          },
          {
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.307"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.12"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.5"
          },
          {
            "model": "seamonkey rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "linux enterprise sdk sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.205"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.16"
          },
          {
            "model": "aura application server sip core pb25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5"
          },
          {
            "model": "seamonkey",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.7.2"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.43"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.204"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "model": "aura experience portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "5.0"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "model": "informix genero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.40"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.21"
          },
          {
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "firefox beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "aura system manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.21"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura system platform sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "linux enterprise desktop sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.103"
          },
          {
            "model": "firefox beta7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.224"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.18"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.696.71"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.8"
          },
          {
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.5"
          },
          {
            "model": "seamonkey alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.02"
          },
          {
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.4.8"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.01"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.020"
          },
          {
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "12.0.742.91"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.308"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "9.0.597.84"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.210"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.550.0"
          },
          {
            "model": "rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.22"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.14"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.4"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.309"
          },
          {
            "model": "firefox beta12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "4.0"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.214"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.0.9.8"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "seamonkey",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.7"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "10.0.1"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "model": "aura application server sip core pb16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.8"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "11"
          },
          {
            "model": "seamonkey alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.01"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.201"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.11"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.1.13"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11.0.672.2"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "14.0.835.163"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10"
          },
          {
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.304"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "11"
          },
          {
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.11"
          },
          {
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.305"
          },
          {
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.20"
          },
          {
            "model": "linux enterprise desktop sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0.552.237"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.21"
          },
          {
            "model": "linux enterprise desktop sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "15"
          },
          {
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "lotus notes fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.35"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.6.16"
          },
          {
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "10.0.648.205"
          },
          {
            "model": "iron",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "srware",
            "version": "11.0.700.3"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "model": "message networking",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.5"
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.1"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.5.19"
          },
          {
            "model": "thunderbird",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.7"
          },
          {
            "model": "productions pale moon",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moonchild",
            "version": "9.1"
          },
          {
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "libpng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "libpng",
            "version": "1.2.19"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "BID",
            "id": "52049"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jueri Aedla",
        "sources": [
          {
            "db": "BID",
            "id": "52049"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3026",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-3026",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 8.7,
                "exploitability": "NOT DEFINED",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-59558",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-50971",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3026",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6277",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-59558",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-50971",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-3026",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers.  These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. ----------------------------------------------------------------------\n\nTITLE:\nSymantec Products KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51365\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51365/\n\nRELEASE DATE:\n2012-11-21\n\nDESCRIPTION:\nSymantec has acknowledged some vulnerabilities in multiple products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nFor more information:\nSA51362\n\nThe vulnerabilities are reported in the following products:\n* Symantec Mail Security for Microsoft Exchange (SMSMSE) versions\n6.5.x\n* Symantec Mail Security for Domino (SMSDOM) versions 8.1.x\n* Symantec Messaging Gateway (SMG) versions 9.5.x\n* Symantec Data Loss Prevention(DLP) Enforce/Detection Servers for\nWindows versions 11.x\n* Symantec Data Loss Prevention Enforce/Detection Servers for Linux\nversions 11.x\n* Symantec Data Loss Prevention Endpoint Agents versions 11.x\n\nSOLUTION:\nUpdate of upgrade to a fixed version. \n\nORIGINAL ADVISORY:\nSymantec:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00\n\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/849841\n\n----------------------------------------------------------------------\n\n\n. 
============================================================================\nUbuntu Security Notice USN-1367-2\nFebruary 17, 2012\n\nfirefox vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it opened a\nspecially crafted file. \n\nOriginal advisory details:\n \n Jueri Aedla discovered that libpng did not properly verify the size used\n when allocating memory during chunk decompression. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201206-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libpng: Multiple vulnerabilities\n     Date: June 22, 2012\n     Bugs: #373967, #386185, #401987, #404197, #410153\n       ID: 201206-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in libpng might allow remote attackers to\nexecute arbitrary code or cause a Denial of Service condition. It is used by several programs, including web\nbrowsers and potentially server processes. 
\n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/libpng            \u003c 1.5.10                  \u003e= 1.5.10\n                                                           *\u003e= 1.2.49\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libpng:\n\n* The \"embedded_profile_len()\" function in pngwutil.c does not check\n  for negative values, resulting in a memory leak (CVE-2009-5063). \n* The \"png_format_buffer()\" function in pngerror.c contains an\n  off-by-one error (CVE-2011-2501). \n* The \"png_rgb_to_gray()\" function in pngrtran.c contains an integer\n  overflow error (CVE-2011-2690). \n* The \"png_err()\" function in pngerror.c contains a NULL pointer\n  dereference error (CVE-2011-2691). \n* The \"png_handle_sCAL()\" function in pngrutil.c improperly handles\n  malformed sCAL chunks (CVE-2011-2692). \n* The \"png_decompress_chunk()\" function in pngrutil.c contains an\n  integer overflow error (CVE-2011-3026). \n* The \"png_inflate()\" function in pngrutil.c contains an out of bounds\n  error (CVE-2011-3045). \n* The \"png_set_text_2()\" function in pngset.c contains an error which\n  could result in memory corruption (CVE-2011-3048). \n* The \"png_formatted_warning()\" function in pngerror.c contains an\n  off-by-one error (CVE-2011-3464). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll libpng 1.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.5.10\"\n\nAll libpng 1.2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/libpng-1.2.49\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-5063\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063\n[ 2 ] CVE-2011-2501\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501\n[ 3 ] CVE-2011-2690\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690\n[ 4 ] CVE-2011-2691\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691\n[ 5 ] CVE-2011-2692\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692\n[ 6 ] CVE-2011-3026\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 7 ] CVE-2011-3045\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045\n[ 8 ] CVE-2011-3048\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048\n[ 9 ] CVE-2011-3464\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
Summary:\n\nUpdated seamonkey packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop version 4 - i386, x86_64\nRed Hat Enterprise Linux ES version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux WS version 4 - i386, ia64, x86_64\n\n3. Description:\n\nSeaMonkey is an open source web browser, e-mail and newsgroup client, IRC\nchat client, and HTML editor. \n\nA heap-based buffer overflow flaw was found in the way SeaMonkey handled\nPNG (Portable Network Graphics) images. (CVE-2011-3026)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect. \n\n4. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk\n\n6. 
Package List:\n\nRed Hat Enterprise Linux AS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nppc:\nseamonkey-1.0.9-79.el4.ppc.rpm\nseamonkey-chat-1.0.9-79.el4.ppc.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ppc.rpm\nseamonkey-devel-1.0.9-79.el4.ppc.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ppc.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ppc.rpm\nseamonkey-mail-1.0.9-79.el4.ppc.rpm\n\ns390:\nseamonkey-1.0.9-79.el4.s390.rpm\nseamonkey-chat-1.0.9-79.el4.s390.rpm\nseamonkey-debuginfo-1.0.9-79.el4.s390.rpm\nseamonkey-devel-1.0.9-79.el4.s390.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.s390.rpm\nseamonkey-js-debugger-1.0.9-79.el4.s390.rpm\nseamonkey-mail-1.0.9-79.el4.s390.rpm\n\ns390x:\nseamonkey-1.0.9-79.el4.s390x.rpm\nseamonkey-chat-1.0.9-79.el4.s390x.rpm\nseamonkey-debuginfo-1.0.9-79.el4.s390x.rpm\nseamonkey-devel-1.0.9-79.el4.s390x.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.s390x.rpm\nseamonkey-js-debugger-1.0.9-79.el4.s390x.rpm\nseamonkey-mail-1.0.9-79.el4.s390x.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop version 
4:\n\nSource:\nftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 
4:\n\nSource:\nftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-79.el4.src.rpm\n\ni386:\nseamonkey-1.0.9-79.el4.i386.rpm\nseamonkey-chat-1.0.9-79.el4.i386.rpm\nseamonkey-debuginfo-1.0.9-79.el4.i386.rpm\nseamonkey-devel-1.0.9-79.el4.i386.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.i386.rpm\nseamonkey-js-debugger-1.0.9-79.el4.i386.rpm\nseamonkey-mail-1.0.9-79.el4.i386.rpm\n\nia64:\nseamonkey-1.0.9-79.el4.ia64.rpm\nseamonkey-chat-1.0.9-79.el4.ia64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.ia64.rpm\nseamonkey-devel-1.0.9-79.el4.ia64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.ia64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.ia64.rpm\nseamonkey-mail-1.0.9-79.el4.ia64.rpm\n\nx86_64:\nseamonkey-1.0.9-79.el4.x86_64.rpm\nseamonkey-chat-1.0.9-79.el4.x86_64.rpm\nseamonkey-debuginfo-1.0.9-79.el4.x86_64.rpm\nseamonkey-devel-1.0.9-79.el4.x86_64.rpm\nseamonkey-dom-inspector-1.0.9-79.el4.x86_64.rpm\nseamonkey-js-debugger-1.0.9-79.el4.x86_64.rpm\nseamonkey-mail-1.0.9-79.el4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3026.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-1 iOS 6\n\niOS 6 is now available and addresses the following:\n\nCFNetwork\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in CFNetwork\u0027s handling of malformed\nURLs. 
CFNetwork may send requests to an incorrect hostname, resulting\nin the disclosure of sensitive information. This issue was addressed\nthrough improvements to URL handling. \nCVE-ID\nCVE-2012-3724 : Erling Ellingsen of Facebook\n\nCoreGraphics\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in FreeType\nDescription:  Multiple vulnerabilities existed in FreeType, the most\nserious of which may lead to arbitrary code execution when processing\na maliciously crafted font. These issues were addressed by updating\nFreeType to version 2.4.9. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2012-1126\nCVE-2012-1127\nCVE-2012-1128\nCVE-2012-1129\nCVE-2012-1130\nCVE-2012-1131\nCVE-2012-1132\nCVE-2012-1133\nCVE-2012-1134\nCVE-2012-1135\nCVE-2012-1136\nCVE-2012-1137\nCVE-2012-1138\nCVE-2012-1139\nCVE-2012-1140\nCVE-2012-1141\nCVE-2012-1142\nCVE-2012-1143\nCVE-2012-1144\n\nCoreMedia\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nDHCP\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A malicious Wi-Fi network may be able to determine networks\na device has previously accessed\nDescription:  Upon connecting to a Wi-Fi network, iOS may broadcast\nMAC addresses of previously accessed networks per the DNAv4 protocol. \nThis issue was addressed by disabling DNAv4 on unencrypted Wi-Fi\nnetworks. \nCVE-ID\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc. 
\n\nImageIO\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue was addressed by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\nCVE-2011-3328\n\nImageIO\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted JPEG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A double free issue existed in ImageIO\u0027s handling of\nJPEG images. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2012-3726 : Phil of PKJE Consulting\n\nImageIO\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. 
\nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInternational Components for Unicode\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2011-4599\n\nIPSec\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Loading a maliciously crafted racoon configuration file may\nlead to arbitrary code execution\nDescription:  A buffer overflow existed in the handling of racoon\nconfiguration files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3727 : iOS Jailbreak Dream Team\n\nKernel\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  An invalid pointer dereference issue existed in the\nkernel\u0027s handling of packet filter ioctls. This may allow an attacker\nto alter kernel memory. This issue was addressed through improved\nerror handling. \nCVE-ID\nCVE-2012-3728 : iOS Jailbreak Dream Team\n\nKernel\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An uninitialized memory access issue existed in the\nBerkeley Packet Filter interpreter, which led to the disclosure of\nmemory content. This issue was addressed through improved memory\ninitialization. 
\nCVE-ID\nCVE-2012-3729 : Dan Rosenberg\n\nlibxml\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libxml, the most\nserious of which may lead to an unexpected application termination or\narbitrary code execution. These issues were addressed by applying the\nrelevant upstream patches. \nCVE-ID\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\nChinese Academy of Sciences\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\nChinese Academy of Sciences\nCVE-2011-3919 : Juri Aedla\n\nMail\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Mail may present the wrong attachment in a message\nDescription:  A logic issue existed in Mail\u0027s handling of\nattachments. If a subsequent mail attachment used the same Content-ID\nas a previous one, the previous attachment would be displayed, even\nin the case where the 2 mails originated from different senders. This\ncould facilitate some spoofing or phishing attacks. This issue was\naddressed through improved handling of attachments. \nCVE-ID\nCVE-2012-3730 : Angelo Prado of the salesforce.com Product Security\nTeam\n\nMail\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Email attachments may be read without user\u0027s passcode\nDescription:  A logic issue existed in Mail\u0027s use of Data Protection\non email attachments. This issue was addressed by properly setting\nthe Data Protection class for email attachments. 
\nCVE-ID\nCVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich\nStuntebeck of AirWatch\n\nMail\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  An attacker may spoof the sender of a S/MIME signed message\nDescription:  S/MIME signed messages displayed the untrusted \u0027From\u0027\naddress, instead of the name associated with the message signer\u0027s\nidentity. This issue was addressed by displaying the address\nassociated with the message signer\u0027s identity when it is available. \nCVE-ID\nCVE-2012-3732 : An anonymous researcher\n\nMessages\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A user may unintentionally disclose the existence of their\nemail addresses\nDescription:  When a user had multiple email addresses associated\nwith iMessage, replying to a message may have resulted in the reply\nbeing sent from a different email address. This may disclose another\nemail address associated to the user\u0027s account. This issue was\naddressed by always replying from the email address the original\nmessage was sent to. \nCVE-ID\nCVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC\n\nOffice Viewer\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Unencrypted document data may be written to a temporary file\nDescription:  An information disclosure issue existed in the support\nfor viewing Microsoft Office files. When viewing a document, the\nOffice Viewer would write a temporary file containing data from the\nviewed document to the temporary directory of the invoking process. \nFor an application that uses data protection or other encryption to\nprotect the user\u0027s files, this could lead to information\ndisclosure. This issue was addressed by avoiding creation of\ntemporary files when viewing Office documents. 
\nCVE-ID\nCVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies\n\nOpenGL\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues existed in the\nhandling of GLSL compilation. These issues were addressed through\nimproved validation of GLSL shaders. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device could briefly\nview the last used third-party app on a locked device\nDescription:  A logic issue existed with the display of the \"Slide to\nPower Off\" slider on the lock screen. This issue was addressed\nthrough improved lock state management. \nCVE-ID\nCVE-2012-3735 : Chris Lawrence DBB\n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nbypass the screen lock\nDescription:  A logic issue existed in the termination of FaceTime\ncalls from the lock screen. This issue was addressed through improved\nlock state management. \nCVE-ID\nCVE-2012-3736 : Ian Vitek of 2Secure AB\n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  All photos may be accessible at the lock screen\nDescription:  A design issue existed in the support for viewing\nphotos that were taken at the lock screen. In order to determine\nwhich photos to permit access to, the passcode lock consulted the\ntime at which the device was locked and compared it to the time that\na photo was taken. 
By spoofing the current time, an attacker could\ngain access to photos that were taken before the device was locked. \nThis issue was addressed by explicitly keeping track of the photos\nthat were taken while the device was locked. \nCVE-ID\nCVE-2012-3737 : Ade Barkah of BlueWax Inc. \n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A person with physical access to a locked device may perform\nFaceTime calls\nDescription:  A logic issue existed in the Emergency Dialer screen,\nwhich permitted FaceTime calls via Voice Dialing on the locked\ndevice. This could also disclose the user\u0027s contacts via contact\nsuggestions. This issue was addressed by disabling Voice Dialing on\nthe Emergency Dialer screen. \nCVE-ID\nCVE-2012-3738 : Ade Barkah of BlueWax Inc. \n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nbypass the screen lock\nDescription:  Using the camera from the screen lock could in some\ncases interfere with automatic lock functionality, allowing a person\nwith physical access to the device to bypass the Passcode Lock\nscreen. This issue was addressed through improved lock state\nmanagement. \nCVE-ID\nCVE-2012-3739 : Sebastian Spanninger of the Austrian Federal\nComputing Centre (BRZ)\n\nPasscode Lock\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nbypass the screen lock\nDescription:  A state management issue existed in the handling of the\nscreen lock. This issue was addressed through improved lock state\nmanagement. 
\nCVE-ID\nCVE-2012-3740 : Ian Vitek of 2Secure AB\n\nRestrictions\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A user may be able to make purchases without entering Apple\nID credentials\nDescription:  After disabling Restrictions, iOS may not ask for the\nuser\u0027s password during a transaction. This issue was addressed by\nadditional enforcement of purchase authorization. \nCVE-ID\nCVE-2012-3741 : Kevin Makens of Redwood High School\n\nSafari\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Websites may use characters with an appearance similar to\nthe lock icon in their titles\nDescription:  Websites could use a Unicode character to create a lock\nicon in the page title. This icon was similar in appearance to the\nicon used to indicate a secure connection, and could have led the\nuser to believe a secure connection had been established. This issue\nwas addressed by removing these characters from page titles. \nCVE-ID\nCVE-2012-3742 : Boku Kihara of Lepidum\n\nSafari\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Passwords may autocomplete even when the site specifies that\nautocomplete should be disabled\nDescription:  Password input elements with the autocomplete attribute\nset to \"off\" were being autocompleted. This issue was addressed\nthrough improved handling of the autocomplete attribute. \nCVE-ID\nCVE-2012-0680 : Dan Poltawski of Moodle\n\nSystem Logs\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Sandboxed apps may obtain system log content\nDescription:  Sandboxed apps had read access to /var/log directory,\nwhich may allow them to obtain sensitive information contained in\nsystem logs. This issue was addressed by denying sandboxed apps\naccess to the /var/log directory. 
\nCVE-ID\nCVE-2012-3743\n\nTelephony\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  An SMS message may appear to have been sent by an arbitrary\nuser\nDescription:  Messages displayed the return address of an SMS message\nas the sender. Return addresses may be spoofed. This issue was\naddressed by always displaying the originating address instead of the\nreturn address. \nCVE-ID\nCVE-2012-3744 : pod2g\n\nTelephony\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  An SMS message may disrupt cellular connectivity\nDescription:  An off-by-one buffer overflow existed in the handling\nof SMS user data headers. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2012-3745 : pod2g\n\nUIKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  An attacker that gains access to a device\u0027s filesystem may\nbe able to read files that were being displayed in a UIWebView\nDescription:  Applications that use UIWebView may leave unencrypted\nfiles on the file system even when a passcode is enabled. This issue\nwas addressed through improved use of data protection. \nCVE-ID\nCVE-2012-3746 : Ben Smith of Box\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. 
\nCVE-ID\nCVE-2011-3016 : miaubiz\nCVE-2011-3021 : Arthur Gerkis\nCVE-2011-3027 : miaubiz\nCVE-2011-3032 : Arthur Gerkis\nCVE-2011-3034 : Arthur Gerkis\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\nGerkis\nCVE-2011-3036 : miaubiz\nCVE-2011-3037 : miaubiz\nCVE-2011-3038 : miaubiz\nCVE-2011-3039 : miaubiz\nCVE-2011-3040 : miaubiz\nCVE-2011-3041 : miaubiz\nCVE-2011-3042 : miaubiz\nCVE-2011-3043 : miaubiz\nCVE-2011-3044 : Arthur Gerkis\nCVE-2011-3050 : miaubiz\nCVE-2011-3053 : miaubiz\nCVE-2011-3059 : Arthur Gerkis\nCVE-2011-3060 : miaubiz\nCVE-2011-3064 : Atte Kettunen of OUSPG\nCVE-2011-3068 : miaubiz\nCVE-2011-3069 : miaubiz\nCVE-2011-3071 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2011-3073 : Arthur Gerkis\nCVE-2011-3074 : Slawomir Blazek\nCVE-2011-3075 : miaubiz\nCVE-2011-3076 : miaubiz\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\nCVE-2011-3081 : miaubiz\nCVE-2011-3086 : Arthur Gerkis\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\nCVE-2011-3090 : Arthur Gerkis\nCVE-2011-3105 : miaubiz\nCVE-2011-3913 : Arthur Gerkis\nCVE-2011-3924 : Arthur Gerkis\nCVE-2011-3926 : Arthur Gerkis\nCVE-2011-3958 : miaubiz\nCVE-2011-3966 : Aki Helin of OUSPG\nCVE-2011-3968 : Arthur Gerkis\nCVE-2011-3969 : Arthur Gerkis\nCVE-2011-3971 : Arthur Gerkis\nCVE-2012-0682 : Apple Product Security\nCVE-2012-0683 : Dave Mandelin of Mozilla\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\nworking with iDefense VCP\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. 
\nVazquez of spa-s3c.blogspot.com working with iDefense VCP\nCVE-2012-2818 : miaubiz\nCVE-2012-3589 : Dave Mandelin of Mozilla\nCVE-2012-3590 : Apple Product Security\nCVE-2012-3591 : Apple Product Security\nCVE-2012-3592 : Apple Product Security\nCVE-2012-3593 : Apple Product Security\nCVE-2012-3594 : miaubiz\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\nCVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3598 : Apple Product Security\nCVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3600 : David Levin of the Chromium development community\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\nusing AddressSanitizer\nCVE-2012-3602 : miaubiz\nCVE-2012-3603 : Apple Product Security\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\nCVE-2012-3611 : Apple Product Security\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\nCVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3614 : Yong Li of Research In Motion, Inc. 
\nCVE-2012-3615 : Stephen Chenney of the Chromium development community\nCVE-2012-3617 : Apple Product Security\nCVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\nCVE-2012-3625 : Skylined of Google Chrome Security Team\nCVE-2012-3626 : Apple Product Security\nCVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome\nSecurity team\nCVE-2012-3628 : Apple Product Security\nCVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3640 : miaubiz\nCVE-2012-3641 : Slawomir Blazek\nCVE-2012-3642 : miaubiz\nCVE-2012-3644 : miaubiz\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\ncommunity, Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\nCVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the\nGoogle Chrome Security Team\nCVE-2012-3652 : Martin 
Barbella of Google Chrome Security Team\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\nCVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3658 : Apple\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\n(Inferno) of the Google Chrome Security Team\nCVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3661 : Apple Product Security\nCVE-2012-3663 : Skylined of Google Chrome Security Team\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-3666 : Apple\nCVE-2012-3667 : Trevor Squires of propaneapp.com\nCVE-2012-3668 : Apple Product Security\nCVE-2012-3669 : Apple Product Security\nCVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam, Arthur Gerkis\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\nSecurity Team\nCVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3674 : Skylined of Google Chrome Security Team\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\ncommunity\nCVE-2012-3677 : Apple\nCVE-2012-3678 : Apple Product Security\nCVE-2012-3679 : Chris Leary of Mozilla\nCVE-2012-3680 : Skylined of Google Chrome Security Team\nCVE-2012-3681 : Apple\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\nCVE-2012-3684 : kuzzcc\nCVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)\nCVE-2012-3703 : Apple Product Security\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\nCVE-2012-3706 : Apple Product Security\nCVE-2012-3708 : Apple\nCVE-2012-3710 : James Robinson of Google\nCVE-2012-3747 : David Bloom of Cue\n\nWebKit\nAvailable for:  
iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite disclosure of information\nDescription:  A cross-origin issue existed in the handling of CSS\nproperty values. This issue was addressed through improved origin\ntracking. \nCVE-ID\nCVE-2012-3691 : Apple\n\nWebKit\nAvailable for:  iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact:  A malicious website may be able to replace the contents of\nan iframe on another site\nDescription:  A cross-origin issue existed in the handling of iframes\nin popup windows. This issue was addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-3067 : Sergey Glazunov\n\nWebKit\nAvailable for:  iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite disclosure of information\nDescription:  A cross-origin issue existed in the handling of iframes\nand fragment identifiers. This issue was addressed through improved\norigin tracking. \nCVE-ID\nCVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,\nand Dan Boneh of the Stanford University Security Laboratory\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Look-alike characters in a URL could be used to masquerade a\nwebsite\nDescription:  The International Domain Name (IDN) support and Unicode\nfonts embedded in Safari could have been used to create a URL which\ncontains look-alike characters. These could have been used in a\nmalicious website to direct the user to a spoofed site that visually\nappears to be a legitimate domain. This issue was addressed by\nsupplementing WebKit\u0027s list of known look-alike characters. Look-\nalike characters are rendered in Punycode in the address bar. 
\nCVE-ID\nCVE-2012-3693 : Matt Cooley of Symantec\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A canonicalization issue existed in the handling of\nURLs. This may have led to cross-site scripting on sites which use\nthe location.href property. This issue was addressed through improved\ncanonicalization of URLs. \nCVE-ID\nCVE-2012-3695 : Masato Kinugawa\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to HTTP\nrequest splitting\nDescription:  An HTTP header injection issue existed in the handling\nof WebSockets. This issue was addressed through improved WebSockets\nURI sanitization. \nCVE-ID\nCVE-2012-3696 : David Belcher of the BlackBerry Security Incident\nResponse Team\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A maliciously crafted website may be able to spoof the value\nin the URL bar\nDescription:  A state management issue existed in the handling of\nsession history. Navigations to a fragment on the current page may\ncause Safari to display incorrect information in the URL bar. This\nissue was addressed through improved session state tracking. \nCVE-ID\nCVE-2011-2845 : Jordi Chancel\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of memory contents\nDescription:  An uninitialized memory access issue existed in the\nhandling of SVG images. This issue was addressed through improved\nmemory initialization. 
\nCVE-ID\nCVE-2012-3650 : Apple\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be \"6.0\". 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          },
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "BID",
            "id": "52049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "db": "PACKETSTORM",
            "id": "109898"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "PACKETSTORM",
            "id": "109897"
          },
          {
            "db": "PACKETSTORM",
            "id": "114070"
          },
          {
            "db": "PACKETSTORM",
            "id": "109835"
          },
          {
            "db": "PACKETSTORM",
            "id": "109836"
          },
          {
            "db": "PACKETSTORM",
            "id": "116791"
          },
          {
            "db": "PACKETSTORM",
            "id": "110096"
          }
        ],
        "trust": 2.88
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-50971",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3026",
            "trust": 2.3
          },
          {
            "db": "SECUNIA",
            "id": "49660",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "48110",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "48016",
            "trust": 1.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#849841",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "56610",
            "trust": 0.9
          },
          {
            "db": "SECTRACK",
            "id": "1027799",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51362",
            "trust": 0.8
          },
          {
            "db": "OSVDB",
            "id": "87619",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "52049",
            "trust": 0.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#523889",
            "trust": 0.4
          },
          {
            "db": "PACKETSTORM",
            "id": "109836",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "109898",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "109835",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "109897",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "110096",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "51365",
            "trust": 0.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116792",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109833",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110263",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109838",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109900",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109791",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109967",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201202-339",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "118291",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114070",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "116791",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "db": "BID",
            "id": "52049"
          },
          {
            "db": "PACKETSTORM",
            "id": "109898"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "PACKETSTORM",
            "id": "109897"
          },
          {
            "db": "PACKETSTORM",
            "id": "114070"
          },
          {
            "db": "PACKETSTORM",
            "id": "109835"
          },
          {
            "db": "PACKETSTORM",
            "id": "109836"
          },
          {
            "db": "PACKETSTORM",
            "id": "116791"
          },
          {
            "db": "PACKETSTORM",
            "id": "110096"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "id": "VAR-201202-0137",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          }
        ],
        "trust": 0.02
      },
      "last_update_date": "2026-03-09T20:07:10.016000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Red Hat: Critical: thunderbird security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120140 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: seamonkey security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120141 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: xulrunner security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120143 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: firefox security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120142 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: libpng security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120317 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2011-3026",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e819467ec1d6eb370af249e8c57643ae"
          },
          {
            "title": "Ubuntu Security Notice: xulrunner-1.9.2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-4"
          },
          {
            "title": "Ubuntu Security Notice: thunderbird vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-3"
          },
          {
            "title": "Ubuntu Security Notice: firefox vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-2"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2012-049",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-049"
          },
          {
            "title": "Mozilla: Mozilla Foundation Security Advisory 2012-11",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2012-11"
          },
          {
            "title": "Ubuntu Security Notice: libpng vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1367-1"
          },
          {
            "title": "Mozilla: libpng integer overflow",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=5af0471059f077bf7e3d2b0ef3aef299"
          },
          {
            "title": "Ubuntu Security Notice: thunderbird vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1369-1"
          },
          {
            "title": "cve-2011-3026-firefox",
            "trust": 0.1,
            "url": "https://github.com/argp/cve-2011-3026-firefox"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/CVEDB/PoC-List"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-189",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.5,
            "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
          },
          {
            "trust": 1.3,
            "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml"
          },
          {
            "trust": 1.2,
            "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
          },
          {
            "trust": 1.2,
            "url": "http://code.google.com/p/chromium/issues/detail?id=112822"
          },
          {
            "trust": 1.2,
            "url": "http://support.apple.com/kb/ht5501"
          },
          {
            "trust": 1.2,
            "url": "http://support.apple.com/kb/ht5503"
          },
          {
            "trust": 1.2,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15032"
          },
          {
            "trust": 1.2,
            "url": "http://secunia.com/advisories/48016"
          },
          {
            "trust": 1.2,
            "url": "http://secunia.com/advisories/48110"
          },
          {
            "trust": 1.2,
            "url": "http://secunia.com/advisories/49660"
          },
          {
            "trust": 1.2,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html"
          },
          {
            "trust": 1.2,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html"
          },
          {
            "trust": 0.9,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
          },
          {
            "trust": 0.9,
            "url": "http://www.securityfocus.com/bid/56610"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "https://customers.autonomy.com"
          },
          {
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2458544"
          },
          {
            "trust": 0.8,
            "url": "http://www.youtube.com/watch?v=28_lus_g0u4"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id/1027799"
          },
          {
            "trust": 0.8,
            "url": "http://www.osvdb.org/show/osvdb/87619"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/51362"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/news/releases/2004/0803a.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/news/releases/2008/0701.en.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
          },
          {
            "trust": 0.4,
            "url": "http://www.kb.cert.org/vuls/id/523889"
          },
          {
            "trust": 0.3,
            "url": "http://support.apple.com/kb/ht5504"
          },
          {
            "trust": 0.3,
            "url": "http://www.libpng.org/pub/png/libpng.html"
          },
          {
            "trust": 0.3,
            "url": "http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2"
          },
          {
            "trust": 0.3,
            "url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=3521"
          },
          {
            "trust": 0.3,
            "url": "http://www.palemoon.org/releasenotes.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.palemoon.org/releasenotes-ng.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100157180"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100157471"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100160998"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620982"
          },
          {
            "trust": 0.3,
            "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-11.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627992"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21626697"
          },
          {
            "trust": 0.2,
            "url": "http://www.ubuntu.com/usn/usn-1367-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/kb/docs/doc-11259"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.2,
            "url": "http://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3026.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://support.symantec.com/us/en/article.symsa1262.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=27482"
          },
          {
            "trust": 0.1,
            "url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2012-6277"
          },
          {
            "trust": 0.1,
            "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
          },
          {
            "trust": 0.1,
            "url": "https://www.kb.cert.org/vuls/id/849841/"
          },
          {
            "trust": 0.1,
            "url": "https://www.tenable.com/plugins/nessus/67192"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/190.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/argp/cve-2011-3026-firefox"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/933399"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.10.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.10.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/thunderbird/3.1.19+build1+nobinonly-0ubuntu0.11.04.1"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1367-3"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51365/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/849841"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51365/"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.10.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.11.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.11.04.1"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1367-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/firefox/10.0.2+build1-0ubuntu0.10.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/933293"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3464"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3045"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3045"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3048"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2501"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2690"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2691"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2501"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-5063"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3464"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5063"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0141.html"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0142.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3059"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
          },
          {
            "trust": 0.1,
            "url": "http://support.apple.com/kb/ht1222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3035"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3027"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3050"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3016"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3060"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3038"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2845"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3036"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3064"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3043"
          },
          {
            "trust": 0.1,
            "url": "http://www.freetype.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3041"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3021"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3044"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3053"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3034"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3042"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3039"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3026"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "db": "BID",
            "id": "52049"
          },
          {
            "db": "PACKETSTORM",
            "id": "109898"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "PACKETSTORM",
            "id": "109897"
          },
          {
            "db": "PACKETSTORM",
            "id": "114070"
          },
          {
            "db": "PACKETSTORM",
            "id": "109835"
          },
          {
            "db": "PACKETSTORM",
            "id": "109836"
          },
          {
            "db": "PACKETSTORM",
            "id": "116791"
          },
          {
            "db": "PACKETSTORM",
            "id": "110096"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "db": "BID",
            "id": "52049"
          },
          {
            "db": "PACKETSTORM",
            "id": "109898"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "PACKETSTORM",
            "id": "109897"
          },
          {
            "db": "PACKETSTORM",
            "id": "114070"
          },
          {
            "db": "PACKETSTORM",
            "id": "109835"
          },
          {
            "db": "PACKETSTORM",
            "id": "109836"
          },
          {
            "db": "PACKETSTORM",
            "id": "116791"
          },
          {
            "db": "PACKETSTORM",
            "id": "110096"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-11-20T00:00:00",
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "date": "2012-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "date": "2012-02-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "date": "2012-02-15T00:00:00",
            "db": "BID",
            "id": "52049"
          },
          {
            "date": "2012-02-18T03:05:35",
            "db": "PACKETSTORM",
            "id": "109898"
          },
          {
            "date": "2012-11-23T08:19:51",
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "date": "2012-02-18T03:05:23",
            "db": "PACKETSTORM",
            "id": "109897"
          },
          {
            "date": "2012-06-22T20:23:59",
            "db": "PACKETSTORM",
            "id": "114070"
          },
          {
            "date": "2012-02-17T02:34:07",
            "db": "PACKETSTORM",
            "id": "109835"
          },
          {
            "date": "2012-02-17T02:34:24",
            "db": "PACKETSTORM",
            "id": "109836"
          },
          {
            "date": "2012-09-22T06:24:25",
            "db": "PACKETSTORM",
            "id": "116791"
          },
          {
            "date": "2012-02-23T05:06:20",
            "db": "PACKETSTORM",
            "id": "110096"
          },
          {
            "date": "2012-02-16T20:55:04.083000",
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "date": "2020-03-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-50971"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3026"
          },
          {
            "date": "2015-04-13T21:51:00",
            "db": "BID",
            "id": "52049"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3026"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "52049"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "52049"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200112-0223

    Vulnerability from variot - Updated: 2026-03-09 20:04

    Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices. The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP.
-----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents: * 120 Reported Vulnerabilities * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "_id": null,
            "model": "speed touch adsl modem",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "alcatel",
            "version": "home"
          },
          {
            "_id": null,
            "model": "adsl modem 1000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alcatel",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "_id": null,
            "model": "adsl modem 1000",
            "scope": null,
            "trust": 0.6,
            "vendor": "alcatel",
            "version": null
          },
          {
            "_id": null,
            "model": "speed touch adsl modem home",
            "scope": null,
            "trust": 0.3,
            "vendor": "alcatel",
            "version": null
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.101"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.49"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.48"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.46"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "research labs the bat! f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.39"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.36"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.35"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.34"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.33"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.32"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.31"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.22"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.19"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.18"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.17"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.043"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.041"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.039"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.036"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.035"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.032"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.031"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.029"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.028"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.015"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.011"
          },
          {
            "_id": null,
            "model": "research labs the bat!",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rit",
            "version": "1.52"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "89747"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "89747"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-1484",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1484",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-4288",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1484",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#211736",
                "trust": 0.8,
                "value": "27.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#601312",
                "trust": 0.8,
                "value": "9.98"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555464",
                "trust": 0.8,
                "value": "4.25"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200112-195",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-4288",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices. The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure.  This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server.  The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. Alcatel ADSL modems are vulnerable. 
The vulnerability allows unauthenticated access to TFTP.

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Alert Summary
May 10, 2001
Volume 6 Number 6

X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To
receive these Alert Summaries as well as other Alerts and Advisories,
subscribe to the Internet Security Systems Alert mailing list at:
http://xforce.iss.net/maillists/index.php

This summary can be found at:
http://xforce.iss.net/alerts/vol-6_num-6.php

_____

Contents:
* 120 Reported Vulnerabilities
* Risk Factor Key
_____


Date Reported:          04/02/2001
Brief Description:      The Bat! masked file type in email attachment
                        could allow execution of code
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     The Bat! 1.49 and earlier
Vulnerability:          thebat-masked-file-type
X-Force URL:            http://xforce.iss.net/static/6324.php

Date Reported:          04/02/2001
Brief Description:      PHP-Nuke could allow attackers to redirect ad
                        banner URL links
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     PHP-Nuke 4.4 and earlier
Vulnerability:          php-nuke-url-redirect
X-Force URL:            http://xforce.iss.net/static/6342.php

Date Reported:          04/03/2001
Brief Description:      Orinoco RG-1000 Residential Gateway default SSID
                        reveals WEP encryption key
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Orinoco Residential Gateway RG-1000
Vulnerability:          orinoco-rg1000-wep-key
X-Force URL:            http://xforce.iss.net/static/6328.php

Date Reported:          04/03/2001
Brief Description:      Navision Financials server denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Navision Financials 2.5 and 2.6
Vulnerability:          navision-server-dos
X-Force URL:            http://xforce.iss.net/static/6318.php

Date Reported:          04/03/2001
Brief Description:      uStorekeeper online shopping system allows
                        remote file retrieval
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     uStorekeeper 1.61
Vulnerability:          ustorekeeper-retrieve-files
X-Force URL:            http://xforce.iss.net/static/6319.php

Date Reported:          04/03/2001
Brief Description:      Resin server allows remote attackers to view
                        Javabean files
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Resin 1.2.x, Resin 1.3b1
Vulnerability:          resin-view-javabean
X-Force URL:            http://xforce.iss.net/static/6320.php

Date Reported:          04/03/2001
Brief Description:      BPFTP could allow attackers to obtain login
                        credentials
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     BPFTP 2.0
Vulnerability:          bpftp-obtain-credentials
X-Force URL:            http://xforce.iss.net/static/6330.php

Date Reported:          04/04/2001
Brief Description:      Ntpd server readvar control message buffer
                        overflow
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1,
                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,
                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and
                        earlier, FreeBSD 4.2-Stable, Mandrake Linux
                        Corporate Server 1.0.1, Mandrake Linux 7.2,
                        Trustix Secure Linux, Immunix Linux 7.0,
                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux
                        eServer 2.3.1
Vulnerability:          ntpd-remote-bo
X-Force URL:            http://xforce.iss.net/static/6321.php

Date Reported:          04/04/2001
Brief Description:      Cisco CSS debug mode allows users to gain
                        administrative access
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Cisco Content Services Switch 11050, Cisco
                        Content Services Switch 11150, Cisco Content
                        Services Switch 11800
Vulnerability:          cisco-css-elevate-privileges
X-Force URL:            http://xforce.iss.net/static/6322.php

Date Reported:          04/04/2001
Brief Description:      BEA Tuxedo may allow access to remote services
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     BEA Tuxedo 7.1
Vulnerability:          bea-tuxedo-remote-access
X-Force URL:            http://xforce.iss.net/static/6326.php

Date Reported:          04/05/2001
Brief Description:      Ultimate Bulletin Board could allow attackers to
                        bypass authentication
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin
                        Board 5.4.7e
Vulnerability:          ultimatebb-bypass-authentication
X-Force URL:            http://xforce.iss.net/static/6339.php

Date Reported:          04/05/2001
Brief Description:      BinTec X4000 NMAP denial of service
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,
                        BinTec X1200
Vulnerability:          bintec-x4000-nmap-dos
X-Force URL:            http://xforce.iss.net/static/6323.php

Date Reported:          04/05/2001
Brief Description:      WatchGuard Firebox II kernel denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     WatchGuard Firebox II prior to 4.6
Vulnerability:          firebox-kernel-dos
X-Force URL:            http://xforce.iss.net/static/6327.php

Date Reported:          04/06/2001
Brief Description:      Cisco PIX denial of service due to multiple
                        TACACS+ requests
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Cisco PIX Firewall 5.1.4
Vulnerability:          cisco-pix-tacacs-dos
X-Force URL:            http://xforce.iss.net/static/6353.php

Date Reported:          04/06/2001
Brief Description:      Darren Reed's IP Filter allows attackers to
                        access UDP and TCP ports
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     IP Filter 3.4.16
Vulnerability:          ipfilter-access-ports
X-Force URL:            http://xforce.iss.net/static/6331.php

Date Reported:          04/06/2001
Brief Description:      Veritas NetBackup nc (netcat) command denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     NetBackup 3.2
Vulnerability:          veritas-netbackup-nc-dos
X-Force URL:            http://xforce.iss.net/static/6329.php

Date Reported:          04/08/2001
Brief Description:      PGP may allow malicious users to access
                        authenticated split keys
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     PGP 7.0
Vulnerability:          nai-pgp-split-keys
X-Force URL:            http://xforce.iss.net/static/6341.php

Date Reported:          04/09/2001
Brief Description:      Solaris kcms_configure command line buffer
                        overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Solaris 7, Solaris 8
Vulnerability:          solaris-kcms-command-bo
X-Force URL:            http://xforce.iss.net/static/6359.php

Date Reported:          04/09/2001
Brief Description:      TalkBack CGI script could allow remote attackers
                        to read files on the Web server
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     TalkBack prior to 1.2
Vulnerability:          talkback-cgi-read-files
X-Force URL:            http://xforce.iss.net/static/6340.php

Date Reported:          04/09/2001
Brief Description:      Multiple FTP glob(3) implementation
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8,
                        HP-UX 11.00, NetBSD
Vulnerability:          ftp-glob-implementation
X-Force URL:            http://xforce.iss.net/static/6333.php

Date Reported:          04/09/2001
Brief Description:      Pine mail client temp file symbolic link
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat
                        Linux 6.2, Red Hat Linux 7.0
Vulnerability:          pine-tmp-file-symlink
X-Force URL:            http://xforce.iss.net/static/6367.php

Date Reported:          04/09/2001
Brief Description:      Multiple FTP glob(3) expansion
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,
                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5
Vulnerability:          ftp-glob-expansion
X-Force URL:            http://xforce.iss.net/static/6332.php

Date Reported:          04/09/2001
Brief Description:      Netscape embedded JavaScript in GIF file
                        comments can be used to access remote data
Risk Factor:            Medium
Attack Type:            Host Based / Network Based
Platforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,
                        Debian Linux 2.2, Conectiva Linux, Red Hat Linux
                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta,
                        Red Hat Linux 7.1
Vulnerability:          netscape-javascript-access-data
X-Force URL:            http://xforce.iss.net/static/6344.php

Date Reported:          04/09/2001
Brief Description:      STRIP generates weak passwords
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     STRIP 0.5 and earlier
Vulnerability:          strip-weak-passwords
X-Force URL:            http://xforce.iss.net/static/6362.php

Date Reported:          04/10/2001
Brief Description:      Solaris Xsun HOME environment variable buffer
                        overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Solaris 7
Vulnerability:          solaris-xsun-home-bo
X-Force URL:            http://xforce.iss.net/static/6343.php

Date Reported:          04/10/2001
Brief Description:      Compaq Presario Active X denial of service
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     Compaq Presario, Windows 98, Windows ME
Vulnerability:          compaq-activex-dos
X-Force URL:            http://xforce.iss.net/static/6355.php

Date Reported:          04/10/2001
Brief Description:      Alcatel ADSL modems 'EXPERT' account
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Alcatel ADSL Network Termination Device 1000,
                        Alcatel Speed Touch ADSL modem Home
Vulnerability:          alcatel-expert-account
X-Force URL:            http://xforce.iss.net/static/6354.php

Date Reported:          04/10/2001
Brief Description:      Alcatel ADSL modems allow attacker on LAN to
                        gain access using TFTP
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Alcatel ADSL Network Termination Device 1000,
                        Alcatel Speed Touch ADSL modem Home
Vulnerability:          alcatel-tftp-lan-access
X-Force URL:            http://xforce.iss.net/static/6336.php

Date Reported:          04/10/2001
Brief Description:      Alcatel ADSL modems allow attacker on WAN to
                        gain access using TFTP
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     Alcatel ADSL Network Termination Device 1000,
                        Alcatel Speed Touch ADSL modem Home
Vulnerability:          alcatel-tftp-wan-access
X-Force URL:            http://xforce.iss.net/static/6337.php

Date Reported:          04/10/2001
Brief Description:      Oracle Application Server shared library
                        (ndwfn4.so) buffer overflow
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     iPlanet Web Server 4.x, Oracle Application
                        Server 4.0.8.2
Vulnerability:          oracle-appserver-ndwfn4-bo
X-Force URL:            http://xforce.iss.net/static/6334.php

Date Reported:          04/10/2001
Brief Description:      Alcatel ADSL modems use blank password by
                        default
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Alcatel ADSL Network Termination Device 1000,
                        Alcatel Speed Touch ADSL modem Home
Vulnerability:          alcatel-blank-password
X-Force URL:            http://xforce.iss.net/static/6335.php

Date Reported:          04/11/2001
Brief Description:      Solaris dtsession buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Solaris 7
Vulnerability:          solaris-dtsession-bo
X-Force URL:            http://xforce.iss.net/static/6366.php

Date Reported:          04/11/2001
Brief Description:      Solaris kcsSUNWIOsolf.so buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Solaris 7, Solaris 8
Vulnerability:          solaris-kcssunwiosolf-bo
X-Force URL:            http://xforce.iss.net/static/6365.php

Date Reported:          04/11/2001
Brief Description:      Lightwave ConsoleServer brute force password
                        attack
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     Lightwave ConsoleServer 3200
Vulnerability:          lightwave-consoleserver-brute-force
X-Force URL:            http://xforce.iss.net/static/6345.php

Date Reported:          04/11/2001
Brief Description:      nph-maillist allows user to execute code
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Email List Generator 3.5 and earlier
Vulnerability:          nph-maillist-execute-code
X-Force URL:            http://xforce.iss.net/static/6363.php

Date Reported:          04/11/2001
Brief Description:      Symantec Ghost Configuration Server denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Ghost 6.5
Vulnerability:          ghost-configuration-server-dos
X-Force URL:            http://xforce.iss.net/static/6357.php

Date Reported:          04/11/2001
Brief Description:      Lotus Domino Web Server DOS device denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Lotus Domino R5 prior to 5.0.7
Vulnerability:          lotus-domino-device-dos
X-Force URL:            http://xforce.iss.net/static/6348.php

Date Reported:          04/11/2001
Brief Description:      Lotus Domino Web Server HTTP header denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Lotus Domino R5 prior to 5.0.7
Vulnerability:          lotus-domino-header-dos
X-Force URL:            http://xforce.iss.net/static/6347.php

Date Reported:          04/11/2001
Brief Description:      Lotus Domino Web Server URL parsing denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Lotus Domino R5 prior to 5.0.7
Vulnerability:          lotus-domino-url-dos
X-Force URL:            http://xforce.iss.net/static/6351.php

Date Reported:          04/11/2001
Brief Description:      Lotus Domino Web Server CORBA denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Lotus Domino R5 prior to 5.0.7
Vulnerability:          lotus-domino-corba-dos
X-Force URL:            http://xforce.iss.net/static/6350.php

Date Reported:          04/11/2001
Brief Description:      Symantec Ghost database engine denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Ghost 6.5, Sybase Adaptive Server Database
                        Engine 6.0.3.2747
Vulnerability:          ghost-database-engine-dos
X-Force URL:            http://xforce.iss.net/static/6356.php

Date Reported:          04/11/2001
Brief Description:      cfingerd daemon remote format string
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd
                        1.4.3 and earlier
Vulnerability:          cfingerd-remote-format-string
X-Force URL:            http://xforce.iss.net/static/6364.php

Date Reported:          04/11/2001
Brief Description:      Lotus Domino Web Server Unicode denial of
                        service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Lotus Domino R5 prior to 5.0.7
Vulnerability:          lotus-domino-unicode-dos
X-Force URL:            http://xforce.iss.net/static/6349.php

Date Reported:          04/11/2001
Brief Description:      Linux mkpasswd generates weak passwords
Risk Factor:            High
Attack Type:            Host Based
Platforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd
Vulnerability:          mkpasswd-weak-passwords
X-Force URL:            http://xforce.iss.net/static/6382.php

Date Reported:          04/12/2001
Brief Description:      Solaris ipcs utility buffer overflow
Risk Factor:            Medium
Attack Type:            Host Based / Network Based
Platforms Affected:     Solaris 7
Vulnerability:          solaris-ipcs-bo
X-Force URL:            http://xforce.iss.net/static/6369.php

Date Reported:          04/12/2001
Brief Description:      InterScan VirusWall ISADMIN service buffer
                        overflow
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     Linux kernel , InterScan VirusWall 3.0.1
Vulnerability:          interscan-viruswall-isadmin-bo
X-Force URL:            http://xforce.iss.net/static/6368.php

Date Reported:          04/12/2001
Brief Description:      HylaFAX hfaxd format string
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE
                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,
                        Mandrake Linux 7.2, Mandrake Linux Corporate
                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1
Vulnerability:          hylafax-hfaxd-format-string
X-Force URL:            http://xforce.iss.net/static/6377.php

Date Reported:          04/12/2001
Brief Description:      Cisco VPN 3000 Concentrators invalid IP Option
                        denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F
Vulnerability:          cisco-vpn-ip-dos
X-Force URL:            http://xforce.iss.net/static/6360.php

Date Reported:          04/13/2001
Brief Description:      Net.Commerce package in IBM WebSphere reveals
                        installation path
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris
                        7, Windows NT 4.0
Vulnerability:          ibm-websphere-reveals-path
X-Force URL:            http://xforce.iss.net/static/6371.php

Date Reported:          04/13/2001
Brief Description:      QPC ftpd buffer overflow
Risk Factor:            Medium
Attack Type:            Host Based / Network Based
Platforms Affected:     QVT/Term 5.0, QVT/Net 5.0
Vulnerability:          qpc-ftpd-bo
X-Force URL:            http://xforce.iss.net/static/6376.php

Date Reported:          04/13/2001
Brief Description:      QPC ftpd directory traversal
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     QVT/Net 5.0, QVT/Term 5.0
Vulnerability:          qpc-ftpd-directory-traversal
X-Force URL:            http://xforce.iss.net/static/6375.php

Date Reported:          04/13/2001
Brief Description:      QPC popd buffer overflow
Risk Factor:            Medium
Attack Type:            Host Based / Network Based
Platforms Affected:     QVT/Net 5.0
Vulnerability:          qpc-popd-bo
X-Force URL:            http://xforce.iss.net/static/6374.php

Date Reported:          04/13/2001
Brief Description:      NCM Content Management System access database
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     NCM Content Management System
Vulnerability:          ncm-content-database-access
X-Force URL:            http://xforce.iss.net/static/6386.php

Date Reported:          04/13/2001
Brief Description:      Netscape SmartDownload 'sdph20.dll' buffer overflow
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows
                        95, Windows 98
Vulnerability:          netscape-smartdownload-sdph20-bo
X-Force URL:            http://xforce.iss.net/static/6403.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer accept buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-accept-bo
X-Force URL:            http://xforce.iss.net/static/6404.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer cancel buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-cancel-bo
X-Force URL:            http://xforce.iss.net/static/6406.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer disable buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-disable-bo
X-Force URL:            http://xforce.iss.net/static/6407.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer enable buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-enable-bo
X-Force URL:            http://xforce.iss.net/static/6409.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer lp buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-lp-bo
X-Force URL:            http://xforce.iss.net/static/6410.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer lpfilter buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-lpfilter-bo
X-Force URL:            http://xforce.iss.net/static/6411.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer lpstat buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-lpstat-bo
X-Force URL:            http://xforce.iss.net/static/6413.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer reject buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-reject-bo
X-Force URL:            http://xforce.iss.net/static/6414.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer rmail buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-rmail-bo
X-Force URL:            http://xforce.iss.net/static/6415.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer tput buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-tput-bo
X-Force URL:            http://xforce.iss.net/static/6416.php

Date Reported:          04/13/2001
Brief Description:      IBM WebSphere CGI macro denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX
                        4.3.x, Solaris 7
Vulnerability:          ibm-websphere-macro-dos
X-Force URL:            http://xforce.iss.net/static/6372.php

Date Reported:          04/13/2001
Brief Description:      SCO OpenServer lpmove buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     SCO Openserver 5.0.0 to 5.0.6
Vulnerability:          sco-openserver-lpmove-bo
X-Force URL:            http://xforce.iss.net/static/6412.php

Date Reported:          04/14/2001
Brief Description:      Siemens Reliant Unix ppd -T symlink
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant
                        Unix 5.44
Vulnerability:          reliant-unix-ppd-symlink
X-Force URL:            http://xforce.iss.net/static/6408.php

Date Reported:          04/15/2001
Brief Description:      Linux Exuberant Ctags package symbolic link
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     Debian Linux 2.2, exuberant-ctags
Vulnerability:          exuberant-ctags-symlink
X-Force URL:            http://xforce.iss.net/static/6388.php

Date Reported:          04/15/2001
Brief Description:      processit.pl CGI could allow attackers to view
                        sensitive information about the Web server
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     processit.pl
Vulnerability:          processit-cgi-view-info
X-Force URL:            http://xforce.iss.net/static/6385.php

Date Reported:          04/16/2001
Brief Description:      Microsoft ISA Server Web Proxy denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Microsoft ISA Server 2000
Vulnerability:          isa-web-proxy-dos
X-Force URL:            http://xforce.iss.net/static/6383.php

Date Reported:          04/16/2001
Brief Description:      Microsoft Internet Explorer altering CLSID
                        action allows malicious file execution
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98
Vulnerability:          ie-clsid-execute-files
X-Force URL:            http://xforce.iss.net/static/6426.php

Date Reported:          04/16/2001
Brief Description:      Cisco Catalyst 5000 series switch 802.1x denial
                        of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Cisco Catalyst 5000 Series
Vulnerability:          cisco-catalyst-8021x-dos
X-Force URL:            http://xforce.iss.net/static/6379.php

Date Reported:          04/16/2001
Brief Description:      BubbleMon allows users to gain elevated
                        privileges
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     BubbleMon prior to 1.32, FreeBSD
Vulnerability:          bubblemon-elevate-privileges
X-Force URL:            http://xforce.iss.net/static/6378.php

Date Reported:          04/16/2001
Brief Description:      DCForum CGI az= field directory traversal
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     DCForum 2000 1.0
Vulnerability:          dcforum-az-directory-traversal
X-Force URL:            http://xforce.iss.net/static/6391.php

Date Reported:          04/16/2001
Brief Description:      DCForum CGI az= field allows attacker to upload
                        files
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     DCForum 2000 1.0
Vulnerability:          dcforum-az-file-upload
X-Force URL:            http://xforce.iss.net/static/6393.php

Date Reported:          04/16/2001
Brief Description:      DCForum CGI az= field EXPR allows attacker to
                        execute commands
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     DCForum 2000 1.0
Vulnerability:          dcforum-az-expr
X-Force URL:            http://xforce.iss.net/static/6392.php

Date Reported:          04/16/2001
Brief Description:      Linux NetFilter IPTables
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1
Vulnerability:          linux-netfilter-iptables
X-Force URL:            http://xforce.iss.net/static/6390.php

Date Reported:          04/17/2001
Brief Description:      Xitami Web server denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4
Vulnerability:          xitami-server-dos
X-Force URL:            http://xforce.iss.net/static/6389.php

Date Reported:          04/17/2001
Brief Description:      Samba tmpfile symlink attack could allow
                        elevated privileges
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,
                        Progeny Linux, Caldera OpenLinux eBuilder,
                        Trustix Secure Linux 1.01, Mandrake Linux
                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix
                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0
                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera
                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1
Vulnerability:          samba-tmpfile-symlink
X-Force URL:            http://xforce.iss.net/static/6396.php

Date Reported:          04/17/2001
Brief Description:      GoAhead WebServer "aux" denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME
Vulnerability:          goahead-aux-dos
X-Force URL:            http://xforce.iss.net/static/6400.php

Date Reported:          04/17/2001
Brief Description:      AnalogX SimpleServer:WWW "aux" denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     SimpleServer:WWW 1.03 to 1.08
Vulnerability:          analogx-simpleserver-aux-dos
X-Force URL:            http://xforce.iss.net/static/6395.php

Date Reported:          04/17/2001
Brief Description:      Viking Server hexadecimal URL encoded format
                        directory traversal
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Viking Server prior to 1.07-381
Vulnerability:          viking-hex-directory-traversal
X-Force URL:            http://xforce.iss.net/static/6394.php

Date Reported:          04/17/2001
Brief Description:      Solaris FTP server allows attacker to recover
                        shadow file
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     Solaris 2.6
Vulnerability:          solaris-ftp-shadow-recovery
X-Force URL:            http://xforce.iss.net/static/6422.php

Date Reported:          04/18/2001
Brief Description:      The Bat! pop3 denial of service
Risk Factor:            High
Attack Type:            Network Based
Platforms Affected:     The Bat! 1.51, Windows
Vulnerability:          thebat-pop3-dos
X-Force URL:            http://xforce.iss.net/static/6423.php

Date Reported:          04/18/2001
Brief Description:      Eudora allows attacker to obtain files using
                        plain text attachments
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Eudora 5.0.2
Vulnerability:          eudora-plain-text-attachment
X-Force URL:            http://xforce.iss.net/static/6431.php

Date Reported:          04/18/2001
Brief Description:      VMware vmware-mount.pl symlink
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     VMware
Vulnerability:          vmware-mount-symlink
X-Force URL:            http://xforce.iss.net/static/6420.php

Date Reported:          04/18/2001
Brief Description:      KFM tmpfile symbolic link could allow local
                        attackers to overwrite files
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     SuSE Linux 7.0, K File Manager (KFM)
Vulnerability:          kfm-tmpfile-symlink
X-Force URL:            http://xforce.iss.net/static/6428.php

Date Reported:          04/18/2001
Brief Description:      CyberScheduler timezone remote buffer overflow
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,
                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7,
                        Slackware Linux, Red Hat Linux, IIS 4.0, Debian
                        Linux, Solaris 2.5, Solaris 2.6, Caldera
                        OpenLinux, Windows NT
Vulnerability:          cyberscheduler-timezone-bo
X-Force URL:            http://xforce.iss.net/static/6401.php

Date Reported:          04/18/2001
Brief Description:      Microsoft Data Access Component Internet
                        Publishing Provider allows WebDAV access
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Microsoft Data Access Component 8.103.2519.0,
                        Windows 95, Windows NT 4.0, Windows 98, Windows
                        98 Second Edition, Windows 2000, Windows ME
Vulnerability:          ms-dacipp-webdav-access
X-Force URL:            http://xforce.iss.net/static/6405.php

Date Reported:          04/18/2001
Brief Description:      Oracle tnslsnr80.exe denial of service
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8
Vulnerability:          oracle-tnslsnr80-dos
X-Force URL:            http://xforce.iss.net/static/6427.php

Date Reported:          04/18/2001
Brief Description:      innfeed -c flag buffer overflow
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,
                        INN prior to 2.3.1
Vulnerability:          innfeed-c-bo
X-Force URL:            http://xforce.iss.net/static/6398.php

Date Reported:          04/18/2001
Brief Description:      iPlanet Calendar Server stores username and
                        password in plaintext
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     iPlanet Calendar Server 5.0p2
Vulnerability:          iplanet-calendar-plaintext-password
X-Force URL:            http://xforce.iss.net/static/6402.php

Date Reported:          04/18/2001
Brief Description:      Linux NEdit symlink when printing
Risk Factor:            High
Attack Type:            Host Based
Platforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux
                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,
                        SuSE Linux 7.0, Mandrake Linux Corporate Server
                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0
Vulnerability:          nedit-print-symlink
X-Force URL:            http://xforce.iss.net/static/6424.php

Date Reported:          04/19/2001
Brief Description:      CheckBO TCP buffer overflow
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     CheckBO 1.56 and earlier
Vulnerability:          checkbo-tcp-bo
X-Force URL:            http://xforce.iss.net/static/6436.php

Date Reported:          04/19/2001
Brief Description:      HP-UX pcltotiff uses insecure permissions
Risk Factor:            Medium
Attack Type:            Host Based
Platforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20,
                        HP-UX 10.26
Vulnerability:          hp-pcltotiff-insecure-permissions
X-Force URL:            http://xforce.iss.net/static/6447.php

Date Reported:          04/19/2001
Brief Description:      Netopia Timbuktu allows unauthorized system
                        access
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Timbuktu Pro, Macintosh OS X
Vulnerability:          netopia-timbuktu-gain-access
X-Force URL:            http://xforce.iss.net/static/6452.php

Date Reported:          04/20/2001
Brief Description:      Cisco CBOS could allow attackers to gain
                        privileged information
Risk Factor:            High
Attack Type:            Host Based / Network Based
Platforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053
Vulnerability:          cisco-cbos-gain-information
X-Force URL:            http://xforce.iss.net/static/6453.php

Date Reported:          04/20/2001
Brief Description:      Internet Explorer 5.x allows active scripts
                        using XML stylesheets
Risk Factor:            Low
Attack Type:            Host Based / Network Based
Platforms Affected:     Internet Explorer 5.x, Outlook Express 5.x
Vulnerability:          ie-xml-stylesheets-scripting
X-Force URL:            http://xforce.iss.net/static/6448.php

Date Reported:          04/20/2001
Brief Description:      Linux gftp format string
Risk Factor:            Low
Attack Type:            Network Based
Platforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0,
                        Mandrake Linux Corporate Server 1.0.1, Immunix
                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux
                        7.2, Immunix Linux 6.2, Immunix 7.0 beta,
                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat
                        Linux 7.0
Vulnerability:          gftp-format-string
X-Force URL:            http://xforce.iss.net/static/6478.php

Date Reported:          04/20/2001
Brief Description:      Novell BorderManager VPN client SYN requests
                        denial of service
Risk Factor:            Medium
Attack Type:            Host Based / Network Based
Platforms Affected:     Novell BorderManager 3.5
Vulnerability:          bordermanager-vpn-syn-dos
X-Force URL:            http://xforce.iss.net/static/6429.php

Date Reported:          04/20/2001
Brief Description:      SAFT sendfiled could allow the execution of
                        arbitrary code
Risk Factor:            Low
Attack Type:            Host Based
Platforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile
Vulnerability:          saft-sendfiled-execute-code
X-Force URL:            http://xforce.iss.net/static/6430.php

Date Reported:          04/21/2001
Brief Description:      Mercury MTA for Novell Netware buffer overflow
Risk Factor:            Medium
Attack Type:            Network Based
Platforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare
Vulnerability:          mercury-mta-bo
X-Force URL:            http://xforce.iss.net/static/6444.php

Date Reported:          04/21/2001
Brief Description:      QNX allows attacker to read files on FAT
                        partition
Risk Factor:            
High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            
http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin 
denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:          winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows 
ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  
With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. 
\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          },
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "89747"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 4.5
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#211736",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 1.0
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2565",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2599",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195",
            "trust": 0.7
          },
          {
            "db": "CERT/CC",
            "id": "CA-2001-08",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "89747",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288"
          },
          {
            "db": "BID",
            "id": "89747"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          }
        ]
      },
      "id": "VAR-200112-0223",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4288"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T20:04:27.784000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.cert.org/advisories/ca-2001-08.html"
          },
          {
            "trust": 2.0,
            "url": "http://www.kb.cert.org/vuls/id/211736"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/xforce/xfdb/6336"
          },
          {
            "trust": 0.8,
            "url": "http://security.sdsc.edu/self-help/alcatel/"
          },
          {
            "trust": 0.8,
            "url": "http://www.alcatel.com/consumer/dsl/security.htm"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2565"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2599"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.3,
            "url": "http://www.thebat.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288"
          },
          {
            "db": "BID",
            "id": "89747"
          },
          {
            "db": "BID",
            "id": "2636"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#211736",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-4288",
            "ident": null
          },
          {
            "db": "BID",
            "id": "89747",
            "ident": null
          },
          {
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1484",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-04-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#211736",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4288",
            "ident": null
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "BID",
            "id": "89747",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836",
            "ident": null
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-195",
            "ident": null
          },
          {
            "date": "2001-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-1484",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2001-04-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#211736",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312",
            "ident": null
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555464",
            "ident": null
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816",
            "ident": null
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4288",
            "ident": null
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "BID",
            "id": "89747",
            "ident": null
          },
          {
            "date": "2001-04-18T00:00:00",
            "db": "BID",
            "id": "2636",
            "ident": null
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-195",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-1484",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-195"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#211736"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "89747"
          },
          {
            "db": "BID",
            "id": "2636"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201107-0115

    Vulnerability from variot - Updated: 2025-04-11 21:25

    Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL contains multiple vulnerabilities in file decoding. Autonomy KeyView IDOL, provided by Autonomy, is a library that decodes more than 1000 file formats. It is used in applications such as IBM Lotus Notes, Lotus Domino, Symantec Mail Security, and Hyland OnBase. Although the impact varies depending on the application, opening a specially crafted file may interrupt service operation (DoS) or allow an attacker to execute arbitrary code with user privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats.

    For more information: SA44820

    SOLUTION: Do not open documents from untrusted sources.

    For more information: SA44820

    Successful exploitation requires the attachment content scanning option to be enabled.

    SOLUTION: Disable the attachment content scanning option.

    For more information see vulnerability #6 in: SA44624

    Please see the vendor's advisory for the list for affected products.


    TITLE: Autonomy KeyView File Processing Vulnerabilities

    SECUNIA ADVISORY ID: SA44820

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44820

    RELEASE DATE: 2011-06-08

    DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

    1) An error when processing Windows Write (WRI) files can be exploited to cause a stack-based buffer overflow.

    2) Some errors when processing unspecified file formats can be exploited to corrupt memory. No further information is currently available.

    The vulnerabilities are reported in versions prior to 10.13.1.

    SOLUTION: Update to version 10.13.1.

    PROVIDED AND/OR DISCOVERED BY: Will Dormann and Jared Allar, CERT/CC.

    ORIGINAL ADVISORY: US-CERT (VU#126159): http://www.kb.cert.org/vuls/id/126159


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0115",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "10.5.1"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "7.7"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "10.5"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "4.1.0"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "4.0.0"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "5.0"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "10"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.5"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "7.0"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "7.2"
          },
          {
            "model": "data loss prevention",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.5.2"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "7.1"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.1"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0.2"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "7.5"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "data loss prevention",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.0.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "autonomy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ca",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "emc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hyland",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "palisade",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "proofpoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trend micro",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "verdasys",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "websense",
            "version": null
          },
          {
            "model": "keyview idol",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "autonomy",
            "version": "10.13.1 earlier"
          },
          {
            "model": "brightmail gateway and symantec messaging gateway",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "9.5"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "10.x"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "11.x"
          },
          {
            "model": "data loss prevention enforce/detection servers",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(linux) 10.x"
          },
          {
            "model": "data loss prevention enforce/detection servers",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(linux) 11.x"
          },
          {
            "model": "data loss prevention enforce/detection servers",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(windows) 10.x"
          },
          {
            "model": "data loss prevention enforce/detection servers",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(windows) 11.x"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(domino) 7.5.x"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(domino) 8.x"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "(exchange) 6.x"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.1"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.11"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.10"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.9"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.8"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.7"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.6"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.5"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.0.1"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.6"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.3"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.2"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.1"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.10"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.9"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.8"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.7"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.6"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.325"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.5.32"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.4.29"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.3.25"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.0.19"
          },
          {
            "model": "mail security for domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.1010.18007"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.187"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.101"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.10.9"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.3"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.6.2"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.10.38"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.1"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.1010.18007"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.185"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.3"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.1"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.101"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.10.8"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.228"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.5.15"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0.1010.18007"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.185"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.3"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.101"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.10.8"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.238"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1.5.15"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.0"
          },
          {
            "model": "brightmail gateway series appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "83000"
          },
          {
            "model": "brightmail gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0.2"
          },
          {
            "model": "brightmail gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.2"
          },
          {
            "model": "brightmail gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.1"
          },
          {
            "model": "brightmail gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.0"
          },
          {
            "model": "brightmail gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0"
          },
          {
            "model": "brightmail and messaging gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.5"
          },
          {
            "model": "host data loss prevention",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "9.2"
          },
          {
            "model": "host data loss prevention",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "9.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.3"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.6"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.5"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.4"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.3"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "lotus notes fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "model": "lotus notes fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "model": "lotus notes fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.6"
          },
          {
            "model": "lotus notes fp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.5"
          },
          {
            "model": "lotus notes fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.5"
          },
          {
            "model": "lotus notes fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.5.2"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.4"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.3"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "9.2"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.9"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.8"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.5"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.12"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.11"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.10"
          },
          {
            "model": "keyview viewer sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10"
          },
          {
            "model": "keyview idol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.9"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.4"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.3"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "9.2"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.8"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.5"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.12"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.11"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.10"
          },
          {
            "model": "keyview filter sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.4"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.3"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "9.2"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.9"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.8"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.5"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.12"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.10"
          },
          {
            "model": "keyview export sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10"
          },
          {
            "model": "messaging gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.5.1"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.5"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.0.12"
          },
          {
            "model": "mail security for domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "8.0.8"
          },
          {
            "model": "mail security for domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "7.5.11"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.3"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.3"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "10.5.3"
          },
          {
            "model": "keyview idol",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.13.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "BID",
            "id": "48013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:autonomy:autonomy_keyview_idol",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Secunia",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "db": "PACKETSTORM",
            "id": "115865"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2011-0548",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-0548",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CARNEGIE MELLON",
                "availabilityImpact": "PARTIAL",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 9.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 7.4,
                "exploitability": "FUNCTIONAL",
                "exploitabilityScore": 8.6,
                "id": "VU#126159",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-48493",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-0548",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#126159",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-0548",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201106-004",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-48493",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file.  NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding. Autonomy Provided by Autonomy KeyView IDOL Is 1000 A library that decodes the above file formats. IBM Lotus Notes , Lotus Domino , Symantec Mail Security , Hyland OnBase Used in such applications. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding.Although the impact will vary depending on the application, service operation may be interrupted by opening a specially crafted file. (DoS) An attacker may be attacked or execute arbitrary code with user privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. \nAn attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. \nNOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats. \n\nFor more information:\nSA44820\n\nSOLUTION:\nDo not open documents from untrusted sources. \n\nFor more information:\nSA44820\n\nSuccessful exploitation requires the attachment content scanning\noption to be enabled. \n\nSOLUTION:\nDisable the attachment content scanning option. 
\n\nFor more information see vulnerability #6 in:\nSA44624\n\nPlease see the vendor\u0027s advisory for the list for affected products. \n\nTITLE:\nAutonomy KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44820\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44820/\n\nRELEASE DATE:\n2011-06-08\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Autonomy KeyView,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\n1) An error when processing Windows Write (WRI) files can be\nexploited to cause a stack-based buffer overflow. \n\n2) Some errors when processing unspecified file formats can be\nexploited to corrupt memory. No further information is currently\navailable. \n\nThe vulnerabilities are reported in versions prior to 10.13.1. \n\nSOLUTION:\nUpdate to version 10.13.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann and Jared Allar, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT (VU#126159):\nhttp://www.kb.cert.org/vuls/id/126159\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          },
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "BID",
            "id": "48013"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "db": "PACKETSTORM",
            "id": "115865"
          }
        ],
        "trust": 3.87
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/126159",
            "trust": 0.8,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-0548",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "44779",
            "trust": 2.6
          },
          {
            "db": "SECTRACK",
            "id": "1025596",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1025594",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1025595",
            "trust": 2.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#126159",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "48013",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004",
            "trust": 0.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10024",
            "trust": 0.4
          },
          {
            "db": "SECUNIA",
            "id": "50399",
            "trust": 0.3
          },
          {
            "db": "SECUNIA",
            "id": "44877",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "44878",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "44820",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "102365",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "102187",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101914",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "102081",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "115865",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "BID",
            "id": "48013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "db": "PACKETSTORM",
            "id": "115865"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "id": "VAR-201107-0115",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          }
        ],
        "trust": 0.6
      },
      "last_update_date": "2025-04-11T21:25:49.461000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "KeyView IDOL \u0026 Connectors",
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/Products/idol-modules-connectors/index.en.html"
          },
          {
            "title": "Information Connectivity",
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/Technology/idol-functionality-information-connectivity/index.en.html"
          },
          {
            "title": "Autonomy Support Site",
            "trust": 0.8,
            "url": "https://customers.autonomy.com/"
          },
          {
            "title": "SYM11-007",
            "trust": 0.8,
            "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
          },
          {
            "title": "SYM11-007",
            "trust": 0.8,
            "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://securitytracker.com/id?1025594"
          },
          {
            "trust": 2.5,
            "url": "http://securitytracker.com/id?1025595"
          },
          {
            "trust": 2.5,
            "url": "http://securitytracker.com/id?1025596"
          },
          {
            "trust": 2.5,
            "url": "http://secunia.com/advisories/44779"
          },
          {
            "trust": 1.5,
            "url": "http://www.kb.cert.org/vuls/id/126159"
          },
          {
            "trust": 1.0,
            "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
          },
          {
            "trust": 1.0,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "https://customers.autonomy.com"
          },
          {
            "trust": 0.8,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20111006_00"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu126159"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0548"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0548"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/48013"
          },
          {
            "trust": 0.5,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.5,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.5,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.5,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.5,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.4,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10024"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/software/lotus/products/notes/"
          },
          {
            "trust": 0.3,
            "url": "http://www.autonomy.com/content/products/keyview/index.en.html"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21500034"
          },
          {
            "trust": 0.3,
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=913"
          },
          {
            "trust": 0.3,
            "url": "http://conference.first.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2011\u0026amp;suid=20110531_00"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44877/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44877/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44877"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44878"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44878/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44878/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44779"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44779/"
          },
          {
            "trust": 0.1,
            "url": "http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44779/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44820/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44820/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50399/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50399"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/csi6beta"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50399/#comments"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "BID",
            "id": "48013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "db": "PACKETSTORM",
            "id": "115865"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "db": "BID",
            "id": "48013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "db": "PACKETSTORM",
            "id": "115865"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-06-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "date": "2011-07-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "date": "2011-05-24T00:00:00",
            "db": "BID",
            "id": "48013"
          },
          {
            "date": "2011-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "date": "2011-07-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "date": "2011-06-17T04:44:22",
            "db": "PACKETSTORM",
            "id": "102365"
          },
          {
            "date": "2011-06-12T08:47:41",
            "db": "PACKETSTORM",
            "id": "102187"
          },
          {
            "date": "2011-06-01T04:21:47",
            "db": "PACKETSTORM",
            "id": "101914"
          },
          {
            "date": "2011-06-08T02:09:27",
            "db": "PACKETSTORM",
            "id": "102081"
          },
          {
            "date": "2012-08-24T05:43:31",
            "db": "PACKETSTORM",
            "id": "115865"
          },
          {
            "date": "2011-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "date": "2011-07-18T22:55:00.860000",
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-06-04T00:00:00",
            "db": "CERT/CC",
            "id": "VU#126159"
          },
          {
            "date": "2013-02-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-48493"
          },
          {
            "date": "2015-03-19T08:17:00",
            "db": "BID",
            "id": "48013"
          },
          {
            "date": "2011-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001718"
          },
          {
            "date": "2011-07-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001933"
          },
          {
            "date": "2011-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-0548"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#126159"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201106-004"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200911-0271

    Vulnerability from variot - Updated: 2025-04-10 22:42

    The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. The attacker may exploit this issue to steal cookie-based authentication credentials and carry out other attacks. NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

    This update provides a solution to this vulnerability.

    Update:

    The wrong package was uploaded for 2009.1. This update addresses that problem.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2823
    http://www.kb.cert.org/vuls/id/867593


    Updated Packages:

    Mandriva Linux 2009.1:
    d20085bdf2db6c017ae2bbd1e66b95a3  2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm
    528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm

    Mandriva Linux 2009.1/X86_64:
    3621be7e9f192f73f0c0435891d5ee1e  2009.1/x86_64/apache-conf-2.2.11-5.1mdv2009.1.x86_64.rpm
    528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Mandriva Security Team

    Update:

    Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0271",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.1.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.1.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.1.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.1.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.7"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.7"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.11"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.7"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.10"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.11"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.7"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.10"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.7"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.9"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.9"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.7"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.0"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.7"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.9"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.9"
          },
          {
            "model": "mac os x server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.1"
          },
          {
            "model": "mac os x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.1.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.5"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.0.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.7"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.4.4"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.5"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.5.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6.1"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.5.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.8"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.7"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.6"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.5"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.8"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.6"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.3"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.5"
          },
          {
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "BID",
            "id": "36990"
          },
          {
            "db": "BID",
            "id": "36956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Brian Mastenbrook\nRegis Duchesne\nNicolas Joly",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2009-2823",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2009-2823",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-40269",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2009-2823",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#867593",
                "trust": 0.8,
                "value": "3.71"
              },
              {
                "author": "NVD",
                "id": "CVE-2009-2823",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200911-098",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-40269",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response.  Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. The attacker may exploit this issue to steal cookie-based authentication credentials and carry out other attacks. \nNOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. \n \n This update provides a solution to this vulnerability. \n\n Update:\n\n The wrong package was uploaded for 2009.1. This update addresses\n that problem. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2823\n http://www.kb.cert.org/vuls/id/867593\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.1:\n d20085bdf2db6c017ae2bbd1e66b95a3  2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm \n 528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 3621be7e9f192f73f0c0435891d5ee1e  2009.1/x86_64/apache-conf-2.2.11-5.1mdv2009.1.x86_64.rpm \n 528faefad6aa4272aa1f4eb028ffa738  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLRcf1mqjQ0CJFipgRAu1hAKD028okjckw8ACr/FJhfKYKLYaWKACfYIQK\nuxRECffkMfmnBqa56GkQhAA=\n=MP9m\n-----END PGP SIGNATURE-----\n. \n\n Update:\n\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          },
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "BID",
            "id": "36990"
          },
          {
            "db": "BID",
            "id": "36956"
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          }
        ],
        "trust": 3.24
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-40269",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2009-2823",
            "trust": 3.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2009-3184",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "36956",
            "trust": 2.0
          },
          {
            "db": "CERT/CC",
            "id": "VU#867593",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "13090",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098",
            "trust": 0.7
          },
          {
            "db": "APPLE",
            "id": "APPLE-SA-2009-11-09-1",
            "trust": 0.6
          },
          {
            "db": "MANDRIVA",
            "id": "MDVSA-2009:300",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "36990",
            "trust": 0.4
          },
          {
            "db": "PACKETSTORM",
            "id": "84920",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "84916",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "82720",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "BID",
            "id": "36990"
          },
          {
            "db": "BID",
            "id": "36956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "id": "VAR-200911-0271",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T22:42:37.223000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HT3937",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "title": "HT3937",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT3937?viewlocale=ja_JP"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/36956"
          },
          {
            "trust": 1.7,
            "url": "http://support.apple.com/kb/ht3937"
          },
          {
            "trust": 1.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:300"
          },
          {
            "trust": 1.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2823"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc2616.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.cgisecurity.com/whitehat-mirror/wh-whitepaper_xst_ebook.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/tools/urlscan.asp"
          },
          {
            "trust": 0.8,
            "url": "http://httpd.apache.org/docs/mod/mod_rewrite.html"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.w3.org/dom/"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/dhtml_node_entry.asp"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/properties/cookie.asp"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/htm/xml_obj_ixmlhttprequest_8bp0.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.apacheweek.com/issues/03-01-24#news"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/13090/"
          },
          {
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57670-1"
          },
          {
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1"
          },
          {
            "trust": 0.8,
            "url": "http://www-1.ibm.com/support/docview.wss?\u0026uid=swg21201202"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2823"
          },
          {
            "trust": 0.3,
            "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/macosx/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/867593"
          },
          {
            "trust": 0.3,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2823"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "BID",
            "id": "36990"
          },
          {
            "db": "BID",
            "id": "36956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "db": "BID",
            "id": "36990"
          },
          {
            "db": "BID",
            "id": "36956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-01-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "date": "2009-11-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "date": "2009-11-09T00:00:00",
            "db": "BID",
            "id": "36990"
          },
          {
            "date": "2009-11-09T00:00:00",
            "db": "BID",
            "id": "36956"
          },
          {
            "date": "2009-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "date": "2010-01-07T19:00:49",
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "date": "2010-01-07T19:30:34",
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "date": "2009-11-18T13:32:22",
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "date": "2009-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "date": "2009-11-10T19:30:01.233000",
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-08-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "date": "2009-11-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-40269"
          },
          {
            "date": "2010-01-07T15:52:00",
            "db": "BID",
            "id": "36990"
          },
          {
            "date": "2009-11-11T20:56:00",
            "db": "BID",
            "id": "36956"
          },
          {
            "date": "2009-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002323"
          },
          {
            "date": "2009-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2009-2823"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Web servers enable HTTP TRACE method by default",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "84916"
          },
          {
            "db": "PACKETSTORM",
            "id": "84920"
          },
          {
            "db": "PACKETSTORM",
            "id": "82720"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200911-098"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200203-0024

    Vulnerability from variot - Updated: 2025-04-03 22:25

    Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below.

    This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included.

    SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). On the management side, SNMP managers communicate with managed network devices such as routers, switches and printers, which are called SNMP agents. Because of its wide acceptance in the market, SNMP has become the standard, and version 1 of the protocol, SNMPv1, is the most widely implemented. SNMPv1 implementations have problems decoding and interpreting the SNMP trap messages sent from the agent to the manager and the SNMP request messages sent from the manager to the agent. If this problem is used by an attacker, the following actions may be executed. Because this is a protocol problem, many other programs that implement it may also be affected. For details, refer to each product. Please refer to the "Overview" for the impact of this vulnerability.

    Windows 95 is prone to a denial-of-service vulnerability. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code.

    Cisco products contain multiple vulnerabilities in handling of SNMP requests and traps. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089); however, more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.

    -----BEGIN PGP SIGNED MESSAGE-----

    CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)

    Original release date: February 12, 2002
    Last revised: --
    Source: CERT/CC

    A complete revision history can be found at the end of this file.

    Systems Affected

    Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.

    In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186

    Many other systems making use of SNMP may also be vulnerable but were not specifically tested.

    In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html

    I. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C.

    OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. SNMP managers must properly decode trap messages and process the resulting data. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.

    Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.

    These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.

    II. Specific impacts will vary from product to product.

    III. Solution

    Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.

    Apply a patch from your vendor

    Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.

    Disable the SNMP service

    As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.

    Ingress filtering

    As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.

    Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.

     snmp              161/udp    # Simple Network Management Protocol (SNMP)
     snmp              162/udp    # SNMP system management messages

    The following services are less common, but may be used on some affected products

     snmp              161/tcp    # Simple Network Management Protocol (SNMP)
     snmp              162/tcp    # SNMP system management messages
     smux              199/tcp    # SNMP Unix Multiplexer
     smux              199/udp    # SNMP Unix Multiplexer
     synoptics-relay   391/tcp    # SynOptics SNMP Relay Port
     synoptics-relay   391/udp    # SynOptics SNMP Relay Port
     agentx            705/tcp    # AgentX
     snmp-tcp-port     1993/tcp   # cisco SNMP TCP port
     snmp-tcp-port     1993/udp   # cisco SNMP TCP port

    As noted above, you should carefully consider the impact of blocking services that you may be using.

    It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses:

     * "all-ones" broadcast address
     * subnet broadcast address
     * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)

    Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.

    Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)

     snmp        100122   na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk
     snmpv2      100138   na.snmpv2   # SNM Version 2.2.2
     snmpXdmid   100249

    Please note that this workaround may not protect vulnerable devices from internal attacks.

    Filter SNMP traffic from non-authorized internal hosts

    In many networks, only a limited number of network management systems need to originate SNMP request messages. Therefore, it may be possible to configure the SNMP agent systems (or the network devices in between the management and agent systems) to disallow request messages from non-authorized systems. This can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.

    Change default community strings

    Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.

    Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.
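The order of operations behind that statement is visible in any SNMPv1 decoder: the BER lengths and the community field have to be decoded before the community string can be compared at all. The following C code is an added example, not taken from the advisory or from any vendor's agent; the function names, the MAX_COMMUNITY limit and the sample packets are constructed for illustration. It checks every length against the bytes actually received and compares the community only after the message has decoded cleanly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMMUNITY 64 /* assumed local limit, not a value from the advisory */

enum snmp_status {
    SNMP_OK = 0, SNMP_TRUNCATED, SNMP_BAD_TAG, SNMP_BAD_LENGTH,
    SNMP_BAD_VERSION, SNMP_COMMUNITY_TOO_LONG, SNMP_BAD_COMMUNITY
};

struct snmp_hdr {
    char    community[MAX_COMMUNITY + 1];
    size_t  community_len;
    uint8_t pdu_tag; /* 0xA0..0xA4: Get, GetNext, Response, Set, Trap */
};

/* Read one BER tag and length at *pos in buf[0..n); the caller keeps
 * *pos <= n. On success *pos is at the value and *len bytes of it are
 * guaranteed to lie inside the buffer. */
static enum snmp_status ber_header(const uint8_t *buf, size_t n, size_t *pos,
                                   uint8_t want_tag, size_t *len)
{
    size_t p = *pos, l;
    uint8_t b;

    if (n - p < 2) return SNMP_TRUNCATED;
    if (buf[p++] != want_tag) return SNMP_BAD_TAG;
    b = buf[p++];
    if (b < 0x80) {
        l = b;                                 /* short form */
    } else {
        size_t nb = b & 0x7f;                  /* long form: nb length octets */
        if (nb == 0 || nb > 2) return SNMP_BAD_LENGTH; /* indefinite or > 65535 */
        if (n - p < nb) return SNMP_TRUNCATED;
        for (l = 0; nb > 0; nb--) l = (l << 8) | buf[p++];
    }
    if (l > n - p) return SNMP_BAD_LENGTH;     /* claims more than was received */
    *pos = p;
    *len = l;
    return SNMP_OK;
}

/* Decode SEQUENCE { version, community, PDU } without trusting any length. */
enum snmp_status snmp_v1_parse(const uint8_t *buf, size_t n, struct snmp_hdr *out)
{
    size_t pos = 0, len, end;
    enum snmp_status st;

    memset(out, 0, sizeof *out);
    if ((st = ber_header(buf, n, &pos, 0x30, &len)) != SNMP_OK) return st;
    end = pos + len;                 /* inner fields must stay inside the SEQUENCE */

    if ((st = ber_header(buf, end, &pos, 0x02, &len)) != SNMP_OK) return st;
    if (len != 1 || buf[pos] != 0) return SNMP_BAD_VERSION; /* SNMPv1 is 0 */
    pos += len;

    if ((st = ber_header(buf, end, &pos, 0x04, &len)) != SNMP_OK) return st;
    if (len > MAX_COMMUNITY) return SNMP_COMMUNITY_TOO_LONG; /* checked before the copy */
    memcpy(out->community, buf + pos, len);    /* NUL-terminated by the memset */
    out->community_len = len;
    pos += len;

    if (end - pos < 2) return SNMP_TRUNCATED;
    if (buf[pos] < 0xa0 || buf[pos] > 0xa4) return SNMP_BAD_TAG;
    out->pdu_tag = buf[pos];
    return ber_header(buf, end, &pos, out->pdu_tag, &len);
}

/* The community comparison runs only on a message that decoded cleanly. */
enum snmp_status snmp_v1_accept(const uint8_t *buf, size_t n,
                                const char *expected, struct snmp_hdr *out)
{
    enum snmp_status st = snmp_v1_parse(buf, n, out);

    if (st != SNMP_OK) return st;
    if (out->community_len != strlen(expected) ||
        memcmp(out->community, expected, out->community_len) != 0)
        return SNMP_BAD_COMMUNITY;
    return SNMP_OK;
}

/* Constructed sample: well-formed GetRequest for sysDescr.0, community "public". */
static const uint8_t SAMPLE_OK[] = {
    0x30,0x26, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xa0,0x19, 0x02,0x01,0x01, 0x02,0x01,0x00, 0x02,0x01,0x00,
    0x30,0x0e, 0x30,0x0c, 0x06,0x08,0x2b,0x06,0x01,0x02,0x01,0x01,0x01,0x00,
    0x05,0x00
};
/* Constructed sample: community length octet (0x7f) exceeds the datagram. */
static const uint8_t SAMPLE_BAD_LEN[] = {
    0x30,0x0b, 0x02,0x01,0x00, 0x04,0x7f,'p','u','b','l','i','c'
};

int main(void)
{
    struct snmp_hdr h;

    printf("well-formed, matching community: %d\n",
           snmp_v1_accept(SAMPLE_OK, sizeof SAMPLE_OK, "public", &h));
    printf("well-formed, other community:    %d\n",
           snmp_v1_accept(SAMPLE_OK, sizeof SAMPLE_OK, "s3cret-ro", &h));
    printf("bad community length:            %d\n",
           snmp_v1_accept(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, "public", &h));
    return 0;
}
```

The malformed sample is rejected with the same status whatever community the receiver expects, because the decode fails before the comparison is reached.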

    Segregate SNMP traffic onto a separate management network

    In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.

    Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.

    Note that these solutions may require extensive changes to a site's network architecture.

    Egress filtering

    Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.

    Disable stack execution

    Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:

     set noexec_user_stack = 1
     set noexec_user_stack_log = 1

    Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.

    Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.

    Share tools and techniques

    Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.

    You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type

    subscribe snmp-forum

    After you receive the confirmation message, follow the instructions in the message to complete the subscription process.

    Appendix A. - Vendor Information

    This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

    AdventNet

     This  is in reference to your notification regarding [VU#107186 and
     VU#854306]  and  OUSPG#0100.   AdventNet  Inc.  has reproduced this
     behavior  in  their  products and coded a Service Pack fix which is
     currently   in   regression   testing   in  AdventNet  Inc.'s  Q.A. 
     organization.    The  release  of  AdventNet  Inc's.  Service  Pack
     correcting  the  behavior  outlined in VU#617947, and OUSPG#0100 is
     scheduled  to  be  generally  available  to all of AdventNet Inc.'s
     customers by February 20, 2002.
    

    Avaya

     Avaya  Inc.
    

    CacheFlow

     The  purpose of this email is to advise you that CacheFlow Inc. has
     provided a software update. Please be advised that updated versions
     of  the  software  are  now  available  for all supported CacheFlow
     hardware  platforms,  and may be obtained by CacheFlow customers at
     the following URL:
    
          http://download.cacheflow.com/
    

    The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.

    RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:

     * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm

    RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:

     * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm

     * SR   1-1647517,   VI  13045:  This  update  modified  a  potential
     vulnerability by using an SNMP test tools exploit.
    

    3Com Corporation

     A  vulnerability to an SNMP packet with an invalid length community
     string  has  been  resolved  in  the  following products. Customers
     concerned  about  this  weakness should ensure that they upgrade to
     the following agent versions:
     PS Hub 40
     2.16 is due Feb 2002
     PS Hub 50
     2.16 is due Feb 2002
     Dual Speed Hub
     2.16 is due Jan 2002
     Switch 1100/3300
     2.68 is available now
     Switch 4400
     2.02 is available now
     Switch 4900
     2.04 is available now
     WebCache1000/3000
     2.00 is due Jan 2002
    

    Caldera

     Caldera   International,  Inc.  has  reproduced  faulty behavior in
     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
     8.  We have coded a software fix for  supported versions of Caldera
     UnixWare  7  and  Caldera  Open UNIX 8 that will  be available from
     our   support   site  at  http://stage.caldera.com/support/security
     immediately  following the publication of this CERT announcement. A
     fix  for  supported versions of OpenServer 5 will be available at a
     later date.
    

    Cisco Systems

     Cisco  Systems  is  addressing  the  vulnerabilities  identified by
     VU#854306  and VU#107186 across its entire product line. Cisco will
     publish    a    security   advisory   with   further   details   at
     http://www.cisco.com/go/psirt/.
    

    Compaq Computer Corporation

     x-ref: SSRT0779U SNMP
     At  the time of writing this document, COMPAQ continues to evaluate
     this potential problem and when new versions of SNMP are available,
     COMPAQ  will implement solutions based on the new code. Compaq will
     provide  notice  of  any  new  patches  as  a result of that effort
     through  standard  patch  notification  procedures and be available
     from your normal Compaq Services support channel.
    

    Computer Associates

     Computer  Associates  has  confirmed Unicenter vulnerability to the
     SNMP  advisory identified by CERT notification reference [VU#107186
     &   VU#854306]   and   OUSPG#0100.   We  have  produced  corrective
     maintenance  to  address  these  vulnerabilities,  which  is in the
     process  of publication for all applicable releases / platforms and
     will  be  offered  through the CA Support site.  Please contact our
     Technical    Support   organization   for   information   regarding
     availability / applicability for your specific configuration(s).
    

    COMTEK Services, Inc.

     NMServer  for  AS/400  is  not  an SNMP master and is therefore not
     vulnerable.  However  this  product  requires the use of the AS/400
     SNMP  master  agent  supplied  by  IBM.
    
     NMServer   for  OpenVMS  has  been  tested  and  has  shown  to  be
     vulnerable.  COMTEK  Services  is  preparing  a new release of this
     product  (version  3.5)  which will contain a fix for this problem. 
     This  new  release  is  scheduled to be available in February 2002. 
     Contact COMTEK Services for further information.
    
     NMServer  for VOS has not as yet been tested; vulnerability of this
     agent  is  unknown.  Contact for further information on the testing
     schedule of the VOS product.
    

    Covalent Technologies

     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
     and  Conductor  SNMP module are not vulnerable according to testing
     performed   in   accordance  with  CERT  recommendations.  Security
     information for Covalent products can be found at www.covalent.net
    

    Dartware, LLC

     Dartware,  LLC  (www.dartware.com)  supplies  two products that use
     SNMPv1  in  a  manager  role,  InterMapper  and SNMP Watcher.  This statement applies to all present
     and past versions of these two software packages.
    

    DMH Software

     DMH  Software  is  in  the  process of evaluating and attempting to
     reproduce this behavior. 
     It  is  unclear at this point if our snmp-agent is sensitive to the
     tests described above. 
     If  any  problems  will  be  discovered,  DMH  Software will code a
     software fix. 
     The  release of DMH Software OS correcting the behavior outlined in
     VU#854306, VU#107186, and OUSPG#0100 will be generally available to
     all of DMH Software's customers as soon as possible.
    

    EnGarde Secure Linux

     EnGarde  Secure  Linux  did  not  ship any SNMP packages in version
     1.0.1 of our distribution, so we are not vulnerable to either bug.
    

    FreeBSD

     FreeBSD  does  not  include any SNMP software by default, and so is
     not vulnerable.  However, the FreeBSD Ports Collection contains the
     UCD-SNMP   /   NET-SNMP   package.    Package   versions  prior  to
     ucd-snmp-4.2.3  are  vulnerable.   The upcoming FreeBSD 4.5 release
     will  ship  the  corrected  version  of  the  UCD-SNMP  /  NET-SNMP
     package.   In  addition,  the  corrected version of the packages is
     available from the FreeBSD mirrors.
    
     FreeBSD   has   issued  the  following  FreeBSD  Security  Advisory
     regarding the UCD-SNMP / NET-SNMP package:
     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.snmp.asc.
    

    Hewlett-Packard Company

     SUMMARY - known vulnerable:
     ========================================
     hp procurve switch 2524
     NNM  (Network Node Manager)
     JetDirect Firmware (Older versions only)
     HP-UX Systems running snmpd or OPENVIEW
     MC/ServiceGuard
     EMS
     Still under investigation:
     SNMP/iX (MPE/iX)
     ========================================
     _________________________________________________________
     ---------------------------------------------------------
     hp procurve switch 2524 
     ---------------------------------------------------------
     hp procurve switch 2525 (product J4813A) is vulnerable to some
     issues, patches in process. Watch for the associated HP
     Security Bulletin. 
     ---------------------------------------------------------
     NNM  (Network Node Manager)
     ---------------------------------------------------------
     Some problems found in the NNM product were related to
     trap handling. Patches in process. Watch for the
     associated HP Security Bulletin. 
     ---------------------------------------------------------
     JetDirect Firmware (Older versions only)
     ---------------------------------------------------------
     ONLY some older versions of JetDirect Firmware are
     vulnerable to some of the issues.  The older firmware
     can be upgraded in most cases, see list below. 
     JetDirect Firmware Version    State
     ==========================    =====
        X.08.32 and higher     NOT Vulnerable
        X.21.00 and higher     NOT Vulnerable
     JetDirect Product Numbers that can be freely
     upgraded to X.08.32 or X.21.00 or higher firmware. 
     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
     J3110A 10T
     J3111A 10T/10B2/LocalTalk
     J3112A Token Ring (discontinued)
     J3113A 10/100 (discontinued)
     J4169A 10/100
     J4167A Token Ring
     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
     J2550A/B 10T (discontinued)
     J2552A/B 10T/10Base2/LocalTalk (discontinued)
     J2555A/B Token Ring (discontinued)
     J4100A 10/100
     J4105A Token Ring
     J4106A 10T
     External Print Servers
     J2591A EX+ (discontinued)
     J2593A EX+3 10T/10B2 (discontinued)
     J2594A EX+3 Token Ring (discontinued)
     J3263A 300X 10/100
     J3264A 500X Token Ring
     J3265A 500X 10/100
     ----------------------------------------------------------
     HP-UX Systems running snmpd or OPENVIEW
     ----------------------------------------------------------
     The following patches are available now:
       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch
       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated
     Patch
     All three patches are available from:
     http://support.openview.hp.com/cpe/patches/
     In addition PHSS_26137 and PHSS_26138 will soon be available from:
     http://itrc.hp.com
     ================================================================
     NOTE: The patches are labeled OV(Open View). However, the patches
     are also applicable to systems that are not running Open View. 
     =================================================================
     Any   HP-UX  10.X  or  11.X  system  running  snmpd  or  snmpdm  is
     vulnerable. 
     To determine if your HP-UX system has snmpd or snmpdm installed:
       swlist -l file | grep snmpd
     If a patch is not available for your platform or you cannot install
     an  available  patch,  snmpd and snmpdm can be disabled by removing
     their entries from /etc/services and removing the execute
     permissions from /usr/sbin/snmpd and /usr/sbin/snmpdm. 
     ----------------------------------------------------------------
     Investigation completed, systems vulnerable. 
     ----------------------------------------------------------------
     MC/ServiceGuard
     Event Monitoring System  (EMS)
     ----------------------------------------------------------------
       Still under investigation:
     ----------------------------------------------------------------
     SNMP/iX (MPE/iX)
    

    Hirschmann Electronics GmbH & Co. KG

     Hirschmann  Electronics  GmbH  &  Co.  KG supplies a broad range of
     networking  products,  some  of  which  are  affected  by  the SNMP
     vulnerabilities  identified by CERT Coordination Center. The manner
     in  which they are affected and the actions required to avoid being
     impacted  by  exploitation  of  these  vulnerabilities,  vary  from
     product to product. Hirschmann customers may contact our Competence
     Center (phone +49-7127-14-1538, email:
     ans-support@nt.hirschmann.de)     for    additional    information,
     especially  regarding  availability  of  latest  firmware  releases
     addressing the SNMP vulnerabilities.
    

    IBM Corporation

     Based  upon  the  results  of  running  the  test  suites  we  have
     determined  that  our  version  of  SNMP  shipped  with  AIX is NOT
     vulnerable.
    

    Innerdive Solutions, LLC

     Innerdive Solutions, LLC has two SNMP based products:
     1. The "SNMP MIB Scout"
     (http://www.innerdive.com/products/mibscout/)
     2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
     The "SNMP MIB Scout" is not vulnerable to either bug. 
     The "Router IP Console" releases prior to 3.3.0.407 are vulnerable. 
     The release of "Router IP Console" correcting the behavior outlined
     in  OUSPG#0100  is  3.3.0.407 and is already available on our site. 
     Also,  we  will  notify all our customers about this new release no
     later than March 5, 2002.
    

    Juniper Networks

     This  is  in reference to your notification regarding CAN-2002-0012
     and  CAN-2002-0013.   Juniper Networks has reproduced this behavior
     and coded a software fix.  The fix will be included in all releases
     of  JUNOS Internet software built after January 5, 2002.  Customers
     with  current  support contracts can download new software with the
     fix from Juniper's web site at www.juniper.net. 
     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
     only  be  reproduced  in JUNOS Internet software if certain tracing
     options  are  enabled.   These options are generally not enabled in
     production routers.
    

    Lantronix, Inc.

     Lantronix  is  committed  to  resolving  security  issues  with our
     products.  The SNMP security bug you reported has been fixed in LRS
     firmware version B1.3/611(020123).
    

    Lotus Development Corporation

     Lotus    Software   evaluated   the   Lotus   Domino   Server   for
     vulnerabilities using the test suite materials provided by OUSPG. 
     This  problem  does  not affect default installations of the Domino
     Server.   However,  SNMP  agents  can  be  installed from the CD to
     provide  SNMP  services for the Domino Server (these are located in
     the   /apps/sysmgmt/agents   directory).    The  optional  platform
     specific  master  and  encapsulator  agents included with the Lotus
     Domino  SNMP  Agents  for  HP-UX  and Solaris have been found to be
     vulnerable.  For  those  platforms,  customers  should  upgrade  to
     version  R5.0.1  a  of  the Lotus Domino SNMP Agents, available for
     download  from the Lotus Knowledge Base on the IBM Support Web Site
     (http://www.ibm.com/software/lotus/support/).   Please   refer   to
     Document  #191059,  "Lotus Domino SNMP Agents R5.0.1a", also in the
     Lotus Knowledge Base, for more details.
    

    LOGEC Systems Inc

     The  products  from  LOGEC  Systems are exposed to SNMP only via HP
     OpenView.  We  do  not have an implementation of SNMP ourselves. As
     such,  there is nothing in our products that would be an issue with
     this alert.
    

    Lucent

     Lucent is aware of reports that there is a vulnerability in certain
     implementations  of  the  SNMP (Simple Network Management Protocol)
     code  that  is  used in data switches and other hardware throughout
     the telecom industry. 
     As soon as we were notified by CERT, we began assessing our product
     portfolio  and  notifying  customers  with  products  that might be
     affected. 
     Our  5ESS  switch  and  most  of  our  optical  portfolio  were not
     affected.   Our  core  and  edge  ATM switches and most of our edge
     access  products  are  affected, but we have developed, tested, and
     deployed  fixes for many of those products to our customers.  Fixes
     for  the  rest  of the affected product portfolio will be available
     shortly. 
     We consider the security and reliability of our customers' networks
     to  be  one  of  our  critical  measures  of success. We take every
     reasonable measure to ensure their satisfaction. 
     In  addition,  we  are  working  with  customers on ways to further
     enhance the security they have in place today.
    

    Marconi

     Marconi  supplies  a  broad range of telecommunications and related
     products,  some  of  which are affected by the SNMP vulnerabilities
     identified  here.  The  manner  in  which they are affected and the
     actions  required  (if any) to avoid being impacted by exploitation
     of  these  vulnerabilities,  vary  from  product  to product. Those
     Marconi   customers   with  support  entitlement  may  contact  the
     appropriate   Technical  Assistance  Center  (TAC)  for  additional
     information.  Those not under support entitlement may contact their
     sales representative.
    

    Microsoft Corporation

     The  Microsoft  Security Reponse [sic] Center has investigated this
     issue, and provides the following information.
    
     Summary:
     All  Microsoft  implementations  of  SNMP  v1  are  affected by the
     vulnerability.  The  SNMP v1 service is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the  vulnerability.  In  the  meantime,  we recommend that affected
     customers disable the SNMP v1 service.
    
     Details:
     An  SNMP  v1 service ships on the CDs for Windows 95, 98, and 98SE. 
     It  is  not  installed  or  running  by  default  on  any  of these
     platforms.  An SNMP v1 is NOT provided for Windows ME.  However, it
     is  possible  that  Windows  98  machines  which  had  the  service
     installed  and  were  upgraded would still have the service.  Since
     SNMP  is  not  supported for WinME, customers in this situation are
     urged to remove the SNMP service. 
     An  SNMP  v1  service  is  available  on  Windows NT 4.0 (including
     Terminal  Server  Edition) and Windows 2000 but is not installed or
     running  by  default  on any of these platforms. Windows XP does not
     ship with an SNMP v1 service.
    
     Remediation:
     A  patch  is  underway  for  the  affected  platforms,  and will be
     released  shortly.  In  the  meantime,  Microsoft  recommends  that
     customers  who  have  the  SNMP  v1  service  running disable it to
     protect their systems. Following are instructions for doing this:
    
     Windows 95, 98 and 98SE:
     1. In Control Panel, double-click Network. 
     2. On  the  Configuration  tab,  select Microsoft SNMP Agent from the
        list of installed components. 
     3. Click Remove
    
     Check the following keys and confirm that snmp.exe is not listed. 
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    
     For Windows XP:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    
     For Windows NT 4.0 (including Terminal Server Edition):
     1. Select Start, then Settings. 
     2. Select Control Panel, then click on the Services Icon
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click OK to close the dialoge [sic], then close Control Panel
    
     Windows 2000:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    

    Multinet

     MultiNet  and  TCPware customers should contact Process Software to
     check  for  the availability of patches for this issue. A couple of
     minor  problems were found and fixed, but there is no security risk
     related to the SNMP code included with either product.
    

    Netaphor

     NETAPHOR  SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
     Manager  Toolkit  and Cyberons for Java -- NMS Application Toolkit,
     two   Java  based  products  that  may  be  affected  by  the  SNMP
     vulnerabilities  identified  here.  The  manner  in  which they are
     affected  and the actions required (if any) to avoid being impacted
     by  exploitation  of  these  vulnerabilities,  may  be  obtained by
     contacting Netaphor via email at info@netaphor.com. Customers with
     annual support may contact support@netaphor.com directly. Those not
     under    support    entitlement   may   contact   Netaphor   sales:
     sales@netaphor.com or (949) 470 7955 in USA.
    

    NetBSD

     NetBSD does not ship with any SNMP tools in our 'base' releases. We
     do  provide  optional  packages  which  provide various support for
     SNMP.  These  packages  are  not installed by default, nor are they
     currently  provided  as  an  install option by the operating system
     installation tools. A system administrator/end-user has to manually
     install this with our package management tools. These SNMP packages
     include:
          + netsaint-plugin-snmp-1.2.8.4  (SNMP  monitoring  plug-in  for
            netsaint)
          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
          + p5-SNMP-3.1.0  (Perl5  module for interfacing to the UCD SNMP
            library)
          + p5-SNMP_Session-0.83   (perl5  module  providing  rudimentary
            access to remote SNMP agents)
          + ucd-snmp-4.2.1  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.1.2)
          + ucd-snmp-4.1.2  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.2.1)
    
     We    do   provide   a   software   monitoring   mechanism   called
     'audit-packages',  which allows us to highlight if a package with a
     range  of  versions  has  a potential vulnerability, and recommends
     that the end-user upgrade the packages in question.
    

    Netscape Communications Corporation

     Netscape  continues  to be committed to maintaining a high level of
     quality  in  our  software  and  service  offerings.  Part  of this
     commitment  includes  prompt response to security issues discovered
     by organizations such as the CERT Coordination Center. 
     According  to a recent CERT/CC advisory, The Oulu University Secure
     Programming  Group (OUSPG) has reported numerous vulnerabilities in
     multiple  vendor  SNMPv1 implementations. 
     We  have  carefully  examined the reported findings, performing the
     tests  suggested  by the OUSPG to determine whether Netscape server
     products  were  subject to these vulnerabilities. It was determined
     that several products fell into this category. As a result, we have
     created  fixes  which will resolve the issues, and these fixes will
     appear  in  future  releases  of  our  product  line. To Netscape's
     knowledge,  there  are  no known instances of these vulnerabilities
     being exploited and no customers have been affected to date. 
     When such security warnings are issued, Netscape has committed to -
     and will continue to commit to - resolving these issues in a prompt
     and timely fashion, ensuring that our customers receive products of
     the highest quality and security.
    

    NET-SNMP

     All  ucd-snmp  versions  prior  to  4.2.2  are susceptible to this
     vulnerability  and  users  of  versions  prior to version 4.2.2 are
     encouraged   to   upgrade   their  software  as  soon  as  possible
     (http://www.net-snmp.org/download/).  Version  4.2.2 and higher are
     not susceptible.
    

    Network Associates

     PGP is not affected, impacted, or otherwise related to this VU#.
    

    Network Computing Technologies

     Network   Computing   Technologies  has  reviewed  the  information
     regarding  SNMP  vulnerabilities and is currently investigating the
     impact to our products.
    

    Nokia

     This  vulnerability  is  known  to affect IPSO versions 3.1.3, 3.3,
     3.3.1,  3.4,  and  3.4.1.   Patches  are  currently  available  for
     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia
     website.   In  addition,  version  3.4.2  shipped  with  the  patch
     incorporated,  and the necessary fix will be included in all future
     releases of IPSO. 
     We  recommend customers install the patch immediately or follow the
     recommended precautions below to avoid any potential exploit. 
     If you are not using SNMP services, including Traps, simply disable
     the   SNMP   daemon   to   completely   eliminate   the   potential
     vulnerability. 
     If   you  are  using  only  SNMP  Traps  and  running  Check  Point
     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP
     messages on all appropriate interfaces. Traps will continue to work
     normally.
    

    Nortel Networks

     The  CERT Coordination Center has issued a broad based alert to the
     technology industry, including Nortel Networks, regarding potential
     security   vulnerabilities   identified   in   the  Simple  Network
     Management  Protocol  (SNMP),  a  common  networking  standard. The
     company   is   working   with  CERT  and  other  network  equipment
     manufacturers, the U.S. Government, service providers, and software
     suppliers to assess and address this issue.
    

    Novell

     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on
     NetWare  are  fixed and will be available through NetWare 6 Support
     Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
     http://support.novell.com/tools/csp/
    

    OpenBSD

     OpenBSD does not ship SNMP code.
    

    Qualcomm

     WorldMail  does  not  support SNMP by default, so customers who run
     unmodified installations are not vulnerable.
    

    Redback Networks, Inc.

     Redback  Networks,  Inc.  has  identified that the vulnerability in
     question  affects  certain versions of AOS software on the SMS 500,
     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate
     steps necessary to correct the issue.
    

    Red Hat

     RedHat has released a security advisiory [sic] at
     http://www.redhat.com/support/errata/RHSA-2001-163.html
     with  updated  versions  of  the ucd-snmp package for all supported
     releases and architectures. For more information or to download the
     update please visit this page.
    

    SGI

     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is
     currently  investigating. 
     For  the  protection  of  all our customers, SGI does not disclose,
     discuss  or  confirm vulnerabilities until a full investigation has
     occurred  and  any  necessary  patch(es)  or  release  streams  are
     available  for all vulnerable and supported IRIX operating systems. 
     Until SGI has more definitive information to provide, customers are
     encouraged  to  assume  all security vulnerabilities as exploitable
     and  take  appropriate  steps  according  to  local  site  security
     policies   and   requirements.   As   further  information  becomes
     available,  additional advisories will be issued via the normal SGI
     security  information  distribution  methods  including the wiretap
     mailing list on http://www.sgi.com/support/security/.
    

    SNMP Research International

     SNMP  Research  has  made  the following vendor statement. They are
     likely  to  revise  and  expand  the  statement as the date for the
     public vulnerability announcement draws nearer.   Users  maintaining
     earlier  releases should update to the current release if they have
     not  already  done  so. Other Stonesoft's products are
     still   under   investigation.   As   further  information  becomes
     available, additional advisories will be available at
     http://www.stonesoft.com/support/techcenter/
    

    Sun Microsystems, Inc.

     Sun's  SNMP  product,  Solstice  Enterprise Agents (SEA), described
     here:
     http://www.sun.com/solstice/products/ent.agents/
     is  affected  by VU#854306 but not VU#107186. More specifically the
     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. 
     Sun  is  currently  generating  patches  for this issue and will be
     releasing  a  Sun Security Bulletin once the patches are available. 
     The bulletin will be available from:
     http://sunsolve.sun.com/security.  Sun  patches are available from:
     http://sunsolve.sun.com/securitypatch.
    

    Symantec Corporation

     Symantec Corporation has investigated the SNMP issues identified by
     the  OUSPG test suite and determined that Symantec products are not
     susceptable [sic] to these issues.
    

    TANDBERG

     Tandberg  have  run  all  the  testcases found the PROTOS test-suie
     [sic], c06snmpv1:
     1. c06-snmpv1-trap-enc-pr1.jar
     2. c06-snmpv1-treq-app-pr1.jar
     3. c06-snmpv1-trap-enc-pr1.jar
     4. c06-snmpv1-req-app-pr1.jar
     The  tests  were  run with standard delay time between the requests
     (100ms),  but  also  with  a delay of 1ms. The tests apply to all
     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The
     software  tested  on these products was B4.0 (our latest software)
     and no problems were found when running the test suite.
    

    Tivoli Systems

     Our  analysis indicates that this vulnerability does not affect the
     Tivoli NetView product.
    

    Appendix B. - References

      1. http://www.ee.oulu.fi/research/ouspg/protos/
      2. http://www.kb.cert.org/vuls/id/854306
      3. http://www.kb.cert.org/vuls/id/107186
      4. http://www.cert.org/tech_tips/denial_of_service.html
      5. http://www.ietf.org/rfc/rfc1067.txt
      6. http://www.ietf.org/rfc/rfc1089.txt
      7. http://www.ietf.org/rfc/rfc1140.txt
      8. http://www.ietf.org/rfc/rfc1155.txt
      9. http://www.ietf.org/rfc/rfc1156.txt
     10. http://www.ietf.org/rfc/rfc1215.txt
     11. http://www.ietf.org/rfc/rfc1270.txt
     12. http://www.ietf.org/rfc/rfc1352.txt

    Appendix C. - Background Information

     Background Information on the OUSPG
    
       OUSPG  is an academic research group located at Oulu University in
       Finland.  The  purpose  of this research group is to test software
       for vulnerabilities. 
       History  has  shown  that  the  techniques  used by the OUSPG have
       discovered a large number of previously undetected problems in the
       products  and  protocols  they  have  tested.  In  2001, the OUSPG
       produced a comprehensive test suite for evaluating implementations
       of  the  Lightweight  Directory  Access Protocol (LDAP). This test
       suite  was  developed with the strategy of abusing the protocol in
       unsupported  and  unexpected  ways,  and  it was very effective in
       uncovering  a  wide  variety  of  vulnerabilities  across  several
       products.  This approach can reveal vulnerabilities that would not
       manifest themselves under normal conditions. 
       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to
       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began
       testing   a   selection   of  products,  and  found  a  number  of
       vulnerabilities.  Because  OUSPG's  work  on  LDAP  was similar in
       procedure  to its current work on SNMP, you may wish to review the
       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined
       results of application of the test suite. 
       In order to test the security of protocols like SNMPv1, the PROTOS
       project  presents  a  server with a wide variety of sample packets
       containing  unexpected  values  or  illegally formatted data. As a
       member of the PROTOS project consortium, the OUSPG used the PROTOS
       c06-snmpv1  test  suite  to  study  several implementations of the
       SNMPv1  protocol.  Results  of  the  test  suites run against SNMP
       indicate  that  there  are  many different vulnerabilities on many
       different implementations of SNMP. Software and
       firmware products designed for networks often make use of the SNMP
       protocol.  SNMP  runs  on  a  multitude  of  devices and operating
       systems, including, but not limited to,
          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and
            Wireless Network Access Points)
          + Operating Systems
          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL
            Modems)
          + Consumer Electronic Devices (Cameras and Image Scanners)
          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX
            Machines)
          + Network and Systems Management/Diagnostic Frameworks (Network
            Sniffers and Network Analyzers)
          + Uninterruptible Power Supplies (UPS)
          + Networked Medical Equipment (Imaging Units and Oscilloscopes)
          + Manufacturing and Processing Equipment
       The  SNMP  protocol  is  formally defined in RFC1157. Quoting from
       that RFC:
    
                Implicit  in the SNMP architectural model is a collection
                of  network  management  stations  and  network elements. 
                Network    management    stations    execute   management
                applications  which monitor and control network elements. 
                Network  elements  are  devices  such as hosts, gateways,
                terminal  servers,  and  the  like, which have management
                agents  responsible for performing the network management
                functions  requested  by the network management stations.
    
       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC
       documents:
          + RFC 3000 Internet Official Protocol Standards
          + RFC 1212 Concise MIB Definitions
          + RFC  1213  Management Information Base for Network Management
            of TCP/IP-based Internets: MIB-II
          + RFC  1215  A  Convention  for Defining Traps for use with the
            SNMP
          + RFC 1270 SNMP Communications Services
          + RFC  2570  Introduction to Version 3 of the Internet-standard
            Network Management Framework
          + RFC  2571  An  Architecture  for  Describing  SNMP Management
            Frameworks
          + RFC  2572  Message  Processing and Dispatching for the Simple
            Network Management Protocol (SNMP)
          + RFC 2573 SNMP Applications
          + RFC 2574 User-based Security Model (USM) for version 3 of the
            Simple Network Management Protocol (SNMPv3)
          + RFC  2575  View-based  Access  Control  Model  (VACM) for the
            Simple Network Management Protocol (SNMP)
          + RFC  2576  Coexistence  between  Version  1,  Version  2, and
            Version   3   of  the  Internet-standard  Network  Management
            Framework
         _____________________________________________________________
    
       The  CERT  Coordination  Center  thanks the Oulu University Secure
       Programming  Group  for reporting these vulnerabilities to us, for
       providing  detailed  technical  analyses,  and for assisting us in
       preparing  this  advisory.  We also thank Steven M. Bellovin (AT&T
       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),
       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who
       contributed to this document. 
         _____________________________________________________________
    
       Feedback  on  this document can be directed to the authors, Ian A. 
       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. 
       Householder, Marty Lindner, and Art Manion. 
       __________________________________________________________________
    
       This document is available from:
       http://www.cert.org/advisories/CA-2002-03.html
       __________________________________________________________________
    
       CERT/CC Contact Information
    
        Email: cert@cert.org
                Phone: +1 412-268-7090 (24-hour hotline)
                Fax: +1 412-268-6989
                Postal address:
                CERT Coordination Center
                Software Engineering Institute
                Carnegie Mellon University
                Pittsburgh PA 15213-3890
                U.S.A.
    
       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /
       EDT(GMT-4) Monday through Friday; they are on call for emergencies
       during other hours, on U.S. holidays, and on weekends.
    
       Using encryption
       We  strongly  urge  you  to  encrypt sensitive information sent by
       email. Our public PGP key is available from
        http://www.cert.org/CERT_PGP.key
       If  you  prefer  to use DES, please call the CERT hotline for more
       information.
    
       Getting  security information
       CERT publications and other security information are available
       from our web site
        http://www.cert.org/
       To   subscribe  to  the  CERT  mailing  list  for  advisories  and
       bulletins, send email to majordomo@cert.org. Please include in the
       body of your message
    
         subscribe cert-advisory
    
       * "CERT" and "CERT Coordination Center" are registered in the U.S. 
       Patent and Trademark Office. 
       __________________________________________________________________
    
       NO WARRANTY
       Any  material  furnished  by  Carnegie  Mellon  University and the
       Software  Engineering  Institute is furnished on an "as is" basis. 
       Carnegie Mellon University makes no warranties of any kind, either
       expressed  or  implied as to any matter including, but not limited
       to,   warranty   of   fitness   for   a   particular   purpose  or
       merchantability,  exclusivity  or results obtained from use of the
       material. Carnegie Mellon University does not make any warranty of
       any  kind  with  respect  to  freedom  from  patent, trademark, or
       copyright infringement. 
         _____________________________________________________________
    
       Conditions for use, disclaimers, and sponsorship information
       Copyright 2002 Carnegie Mellon University.
    

    Revision History

       February 12, 2002: Initial release
    


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200203-0024",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ios 12.0",
            "scope": "ne",
            "trust": 5.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1",
            "scope": "ne",
            "trust": 3.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "3com",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "american power conversion",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "aprisma",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bea",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bmc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cnt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "comtek services",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cscare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "carrier access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "compaq computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "computer associates",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "concord",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dart",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "digital",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "entrada",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "equinox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "fluke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "general datacomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hirschmann",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "iplanet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "itouch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "infovista",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "inktomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "innerdive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ipswitch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "karlnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lantronix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "larscom incorporated",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mg soft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "marconi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mercury interactive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "metrobility optical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "micromuse",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "monfox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "multinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net snmp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network harmoni",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nbase xyplex",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscout",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netsilicon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network appliance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "novell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "openwave",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "optical access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "perle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "powerware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "radware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "redback",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "riverstone",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "snmp research",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sniffer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonicwall",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "the sco group sco unix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "tivoli",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "toshiba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "unisphere",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vertical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vina",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "wind river",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "world wide packets",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "e security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net com",
            "version": null
          },
          {
            "model": "ios 12.2",
            "scope": "ne",
            "trust": 1.5,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "cisco",
            "version": "30002.5.2"
          },
          {
            "model": "windows 2000",
            "scope": null,
            "trust": 1.4,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows 98se",
            "scope": null,
            "trust": 1.2,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "ios 12.0 xe",
            "scope": null,
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 dc2",
            "scope": "ne",
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "windows 2000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": "windows 98",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": "windows 95",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": "windows 98se",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "*"
          },
          {
            "model": "ios 12.0 s6",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nudesign team",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "outback resource group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "veritas",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bintec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "interniche",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ncipher corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netscreen",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (x86)"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.00"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.10"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.00"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.24"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.04"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98 scd"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "me"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (server)"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (terminal_srv)"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (workstation)"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "sp3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "6.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.2"
          },
          {
            "model": "windows xp gold",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "ios 12.0 s7",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bx",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 xe?",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.1"
          },
          {
            "model": "ios 12.0 s1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 wc1",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xu",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e3",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.0.3"
          },
          {
            "model": "ios 12.1 ex",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "windows 98",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "gold"
          },
          {
            "model": "windows 95",
            "scope": null,
            "trust": 0.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "gold"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.0"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "4.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.1"
          },
          {
            "model": "ios 12.0 wc 2900xl-lre",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4700"
          },
          {
            "model": "ios 12.2 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7"
          },
          {
            "model": "as5850",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1000"
          },
          {
            "model": "ios 12.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ca1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.2"
          },
          {
            "model": "ios 12.0s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1(4.206)"
          },
          {
            "model": "netranger sensor",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yc2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "as5200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vg248 analog phone gateway",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2gs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7750"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(8)"
          },
          {
            "model": "ios 12.0 wt6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5.1"
          },
          {
            "model": "traffic director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "ios 12.1 e5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3"
          },
          {
            "model": "ios 12.0 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ya2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5300",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30002.0"
          },
          {
            "model": "cbos b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 11.1 cc4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 4840g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 aa4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.2"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "39203.0(7)"
          },
          {
            "model": "secure ids network sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ios 12.2 mx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7100"
          },
          {
            "model": "cva120",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst native mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "560"
          },
          {
            "model": "ios 12.1 ea1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2sa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1005"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.015"
          },
          {
            "model": "ios 12.2 mx1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1.200)"
          },
          {
            "model": "bpx/igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12000"
          },
          {
            "model": "content distribution manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4670"
          },
          {
            "model": "ap340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10700"
          },
          {
            "model": "css11000 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.1"
          },
          {
            "model": "ios 12.1 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "distributed director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2501"
          },
          {
            "model": "ios 12.1ec",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(1)"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "model": "ios 12.1 yi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 2948g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6"
          },
          {
            "model": "ios 12.1 ew",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(7.202)"
          },
          {
            "model": "ios 12.2 xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "local director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2bx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv5"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232"
          },
          {
            "model": "ios 12.1 ec",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "user registration tool vlan policy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(1)"
          },
          {
            "model": "ios 11.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8240",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2dd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0st",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7010"
          },
          {
            "model": "unity server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst hybrid mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ios 12.0 wc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1)"
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "snmpc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0.4"
          },
          {
            "model": "ios 12.0 st5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ios 12.0 sl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst network analysis module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.2"
          },
          {
            "model": "ios 12.2t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 db2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.10"
          },
          {
            "model": "ios 12.1 ey",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "ios 12.0 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ios 12.2s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.10"
          },
          {
            "model": "catalyst msm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "nsp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.1 yd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "info center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "ios 12.0 wx5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 yc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "arrowpoint cs11000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "secure ids host sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2950"
          },
          {
            "model": "ios 11.1 ct",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr7200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xw",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.3"
          },
          {
            "model": "ios 12.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ia",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv4"
          },
          {
            "model": "ios 12.1 t12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microswitch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1548"
          },
          {
            "model": "ios 12.1 e12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 sx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.0 st",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8510csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xs1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "bpx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xz7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2920"
          },
          {
            "model": "ios 12.1 ea1b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2p",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2600"
          },
          {
            "model": "as5800",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1700"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "507"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7000"
          },
          {
            "model": "ios 12.1 e7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5.1"
          },
          {
            "model": "ios 12.2 t1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1(2)"
          },
          {
            "model": "ios 12.2 xa5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.1"
          },
          {
            "model": "ios 12.1 ew1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ca",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.053"
          },
          {
            "model": "catalyst 2948g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "ios 12.2 mb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(2)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ios 12.2 t0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.7"
          },
          {
            "model": "ios 12.0 wc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ap350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sl6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5400",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0sp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3500"
          },
          {
            "model": "ios 12.0 wc2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1400"
          },
          {
            "model": "ios 12.1 yb5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xn1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.1"
          },
          {
            "model": "ios 12.1 e6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(3)"
          },
          {
            "model": "bts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10200"
          },
          {
            "model": "ios 12.0 sx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.8"
          },
          {
            "model": "ubr900",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(2)"
          },
          {
            "model": "ios 12.2 xb4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 t2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xg",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(7)"
          },
          {
            "model": "ios 12.1 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 sa6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "sc2200/vsc3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wan manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "infocenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(5)"
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "570"
          },
          {
            "model": "call manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 bc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ex",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8260",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(6)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.4"
          },
          {
            "model": "ios 12.1 yi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0"
          },
          {
            "model": "ios 12.2 xj1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bc1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 12.1 xm7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4430"
          },
          {
            "model": "catalyst supervisor module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ap352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7600"
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "ios 12.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0(7)xv"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(3.210)"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(13)"
          },
          {
            "model": "ios 12.2da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "505"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0.1"
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "netranger",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ex3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.0sl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "br350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5000"
          },
          {
            "model": "ios 12.2 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4650"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0"
          },
          {
            "model": "ios 12.0 st3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4500"
          },
          {
            "model": "ios 12.2 xw1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 da3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "ons metro edge optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15327"
          },
          {
            "model": "ios 12.2 xk",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microhub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1500"
          },
          {
            "model": "ios 12.2 t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "ios 12.0sc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232-13"
          },
          {
            "model": "ios 11.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "mgx-8220",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "element management framework",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3600"
          },
          {
            "model": "catalyst 4908g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wgb340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ciscoworks windows/wug",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(5)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios 12.0 s2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 gs6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.11"
          },
          {
            "model": "ios 12.0 xf1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "rsfc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "ios 12.1 ec1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 ia",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ws-x6624",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yd6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5"
          },
          {
            "model": "ios 11.1 ca2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "secure pix firewall",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7500"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3200"
          },
          {
            "model": "ios 12.2 xi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.11"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "wgb352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cat6k nam",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "fasthub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4001.0"
          },
          {
            "model": "ios 12.2 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1"
          },
          {
            "model": "ios 12.1 ea2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2mb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rsm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "nrp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.4"
          },
          {
            "model": "ws-x6608",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1600"
          },
          {
            "model": "ios 12.1 xz",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xs?",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.9"
          },
          {
            "model": "catalyst 8510msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2500"
          },
          {
            "model": "ios 12.2 ya1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "service expansion shelf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 s",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "ios 12.0 xe1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "iad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8110"
          },
          {
            "model": "ios 12.1 ex4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.1 e9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 11.1ct",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3(3)"
          },
          {
            "model": "ios 12.1 xp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7300"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3550"
          },
          {
            "model": "ios 12.1t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ciscoworks windows",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.2 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "esr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10000"
          },
          {
            "model": "ls1010 atm switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 dc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7.002"
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4450"
          },
          {
            "model": "ios 12.1 xi8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3900"
          },
          {
            "model": "ios 11.3 db1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "800"
          },
          {
            "model": "mc3810",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1cc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xj",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7200"
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4630"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(4)"
          },
          {
            "model": "catalyst 4912g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "cbos ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.0dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          },
          {
            "model": "ios 12.2 xl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr10000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(2)"
          },
          {
            "model": "ios 12.2 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ibm:aix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:vvos",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows-9x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_nt",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-0053",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2002-0053",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2002-0053",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#107186",
                "trust": 0.8,
                "value": "69.26"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#854306",
                "trust": 0.8,
                "value": "42.64"
              },
              {
                "author": "NVD",
                "id": "CVE-2002-0053",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200203-006",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request.  NOTE: this candidate may be split or merged with other candidates.  This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes vulnerability information beyond what the title covers. ------------ SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). On the management side, SNMP managers communicate with managed network devices such as routers, switches and printers, which are called SNMP agents. Because of its wide acceptance in the market, SNMP has become the standard, and SNMP protocol version 1 (SNMPv1) is the most widely implemented. SNMPv1 implementations have problems in decoding and interpreting the SNMP trap messages sent from the agent to the manager and the SNMP request messages sent from the manager to the agent. If this problem is used by an attacker, the following actions may be executed. Because this is a protocol problem, many other programs that implement it may also be affected. For details, refer to each product. Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability.  
It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition.  If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. Cisco products contain multiple vulnerabilities in handling of SNMP requests and traps.  A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance.  The affected device may reset, or require a manual reset to regain functionality. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n   Original release date: February 12, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n   Products  from  a  very  wide  variety of vendors may be affected. See\n   Vendor Information for details from vendors who have provided feedback\n   for this advisory. \n\n   In  addition to the vendors who provided feedback for this advisory, a\n   list  of  vendors  whom  CERT/CC contacted regarding these problems is\n   available from\n   http://www.kb.cert.org/vuls/id/854306\n   http://www.kb.cert.org/vuls/id/107186 \n\n   Many  other systems making use of SNMP may also be vulnerable but were\n   not specifically tested. \n\n   In addition to this advisory, we also have an FAQ available at\n   http://www.cert.org/tech_tips/snmp_faq.html\n\nI. 
\n   Version  1  of  the  protocol  (SNMPv1)  defines several types of SNMP\n   messages  that  are  used  to  request  information  or  configuration\n   changes,  respond  to  requests,  enumerate  SNMP  objects,  and  send\n   unsolicited  alerts.  The  Oulu  University  Secure  Programming Group\n   (OUSPG,  http://www.ee.oulu.fi/research/ouspg/)  has reported numerous\n   vulnerabilities in SNMPv1 implementations from many different vendors. \n   More information about SNMP and OUSPG can be found in Appendix C\n\n   OUSPG\u0027s  research  focused  on  the  manner in which SNMPv1 agents and\n   managers  handle  request  and  trap  messages. A trap message\n     may  indicate  a warning or error condition or otherwise notify the\n     manager about the agent\u0027s state. SNMP managers must properly decode\n     trap  messages  and  process  the resulting data. Request\n     messages  might be issued to obtain information from an agent or to\n     instruct  the  agent to configure the host device. \n\n   Vulnerabilities  in  the  decoding  and  subsequent processing of SNMP\n   messages  by  both managers and agents may result in denial-of-service\n   conditions,  format string vulnerabilities, and buffer overflows. Some\n   vulnerabilities  do  not  require  the SNMP message to use the correct\n   SNMP community string. \n\n   These   vulnerabilities   have   been  assigned  the  CVE  identifiers\n   CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII.  Specific impacts will vary from product to\n   product. \n\nIII. Solution\n\n   Note  that  many  of  the  mitigation steps recommended below may have\n   significant  impact on your everyday network operations and/or network\n   architecture.  Ensure  that  any  changes  made based on the following\n   recommendations  will  not  unacceptably  affect  your ongoing network\n   operations capability. 
\n\nApply a patch from your vendor\n\n   Appendix A contains information provided by vendors for this advisory. \n   Please  consult this appendix to determine if you need to contact your\n   vendor directly. \n\nDisable the SNMP service\n\n   As  a  general  rule,  the CERT/CC recommends disabling any service or\n   capability   that   is   not   explicitly  required,  including  SNMP. \n   Unfortunately,  some  of  the  affected  products exhibited unexpected\n   behavior  or  denial  of  service conditions when exposed to the OUSPG\n   test  suite  even  if  SNMP was not enabled. In these cases, disabling\n   SNMP should be used in conjunction with the filtering practices listed\n   below to provide additional protection. \n\nIngress filtering\n\n   As a temporary measure, it may be possible to limit the scope of these\n   vulnerabilities  by  blocking  access  to SNMP services at the network\n   perimeter. \n\n   Ingress  filtering  manages the flow of traffic as it enters a network\n   under  your  administrative  control.  Servers  are typically the only\n   machines that need to accept inbound traffic from the public Internet. \n   In  the  network usage policy of many sites, there are few reasons for\n   external hosts to initiate inbound traffic to machines that provide no\n   public  services.  Thus,  ingress filtering should be performed at the\n   border   to   prohibit   externally   initiated   inbound  traffic  to\n   non-authorized  services. For SNMP, ingress filtering of the following\n   ports  can  prevent  attackers  outside of your network from impacting\n   vulnerable  devices  in  the  local  network  that  are not explicitly\n   authorized to provide public SNMP services. 
\n\n   snmp     161/udp     # Simple Network Management Protocol (SNMP)\n   snmp     162/udp     # SNMP system management messages\n\n   The  following  services  are  less  common,  but  may be used on some\n   affected products\n\n   snmp               161/tcp     #  Simple  Network  Management Protocol\n   (SNMP)\n   snmp               162/tcp     # SNMP system management messages\n   smux               199/tcp     # SNMP Unix Multiplexer\n   smux               199/udp     # SNMP Unix Multiplexer\n   synoptics-relay    391/tcp     # SynOptics SNMP Relay Port\n   synoptics-relay    391/udp     # SynOptics SNMP Relay Port\n   agentx             705/tcp     # AgentX\n   snmp-tcp-port     1993/tcp     # cisco SNMP TCP port\n   snmp-tcp-port     1993/udp     # cisco SNMP TCP port\n\n   As  noted  above, you should carefully consider the impact of blocking\n   services that you may be using. \n\n   It  is  important  to note that in many SNMP implementations, the SNMP\n   daemon may bind to all IP interfaces on the device. This has important\n   consequences  when  considering  appropriate packet filtering measures\n   required  to  protect  an  SNMP-enabled device. For example, even if a\n   device  disallows  SNMP  packets  directed  to the IP addresses of its\n   normal  network  interfaces, it may still be possible to exploit these\n   vulnerabilities  on that device through the use of packets directed at\n   the following IP addresses:\n     * \"all-ones\" broadcast address\n     * subnet broadcast address\n     * any  internal  loopback  addresses  (commonly  used in routers for\n       management purposes, not to be confused with the IP stack loopback\n       address 127.0.0.1)\n\n   Careful  consideration  should  be  given  to  addresses  of the types\n   mentioned  above  by  sites  planning  for packet filtering as part of\n   their mitigation strategy for these vulnerabilities. 
\n\n   Finally,  sites may wish to block access to the following RPC services\n   related to SNMP (listed as name, program ID, alternate names)\n\n   snmp               100122  na.snmp snmp-cmc snmp-synoptics snmp-unisys\n   snmp-utk\n   snmpv2             100138  na.snmpv2     # SNM Version 2.2.2\n   snmpXdmid          100249\n\n   Please  note  that  this workaround may not protect vulnerable devices\n   from internal attacks. \n\nFilter SNMP traffic from non-authorized internal hosts\n\n   In  many networks, only a limited number of network management systems\n   need to originate SNMP request messages. Therefore, it may be possible\n   to configure the SNMP agent systems (or the network devices in between\n   the  management  and  agent systems) to disallow request messages from\n   non-authorized systems. This can reduce, but not wholly eliminate, the\n   risk  from  internal attacks. However, it may have detrimental effects\n   on  network  performance  due  to  the  increased  load imposed by the\n   filtering, so careful consideration is required before implementation. \n   Similar  caveats  to  the  previous workaround regarding broadcast and\n   loopback addresses apply. \n\nChange default community strings\n\n   Most  SNMP-enabled  products  ship  with  default community strings of\n   \"public\"  for read-only access and \"private\" for read-write access. As\n   with   any   known  default  access  control  mechanism,  the  CERT/CC\n   recommends  that network administrators change these community strings\n   to  something  of  their  own  choosing.  However, even when community\n   strings  are changed from their defaults, they will still be passed in\n   plaintext and are therefore subject to packet sniffing attacks. SNMPv3\n   offers additional capabilities to ensure authentication and privacy as\n   described in RFC2574. 
\n\n   Because  many of the vulnerabilities identified in this advisory occur\n   before  the  community  strings are evaluated, it is important to note\n   that  performing  this  step  alone  is not sufficient to mitigate the\n   impact  of  these vulnerabilities. Nonetheless, it should be performed\n   as part of good security practice. \n\nSegregate SNMP traffic onto a separate management network\n\n   In  situations  where  blocking  or  disabling  SNMP  is not possible,\n   exposure  to  these  vulnerabilities may be limited by restricting all\n   SNMP  access  to  separate,  isolated management networks that are not\n   publicly  accessible.  Although  this would ideally involve physically\n   separate networks, that kind of separation is probably not feasible in\n   most environments. Mechanisms such as virtual LANs (VLANs) may be used\n   to  help  segregate  traffic  on  the same physical network. Note that\n   VLANs  may  not  strictly  prevent  an  attacker from exploiting these\n   vulnerabilities,  but  they may make it more difficult to initiate the\n   attacks. \n\n   Another  option  is  for  sites  to  restrict SNMP traffic to separate\n   virtual private networks (VPNs), which employ cryptographically strong\n   authentication. \n\n   Note  that  these  solutions may require extensive changes to a site\u0027s\n   network architecture. \n\nEgress filtering\n\n   Egress  filtering  manages  the flow of traffic as it leaves a network\n   under your administrative control. There is typically limited need for\n   machines providing public services to initiate outbound traffic to the\n   Internet.  In  the  case  of  SNMP  vulnerabilities,  employing egress\n   filtering on the ports listed above at your network border can prevent\n   your network from being used as a source for attacks on other sites. 
\n\nDisable stack execution\n\n   Disabling  executable  stacks  (on systems where this is configurable)\n   can  reduce  the  risk  of  \"stack  smashing\"  attacks  based on these\n   vulnerabilities. Although this does not provide 100 percent protection\n   against exploitation of these vulnerabilities, it makes the likelihood\n   of a successful exploit much smaller. On many UNIX systems, executable\n   stacks can be disabled by adding the following lines to /etc/system:\n\n   set noexec_user_stack = 1\n   set noexec_user_stack_log = 1\n\n   Note  that  this  may  go  against the SPARC and Intel ABIs and can be\n   bypassed  as required in programs with mprotect(2). For the changes to\n   take effect you will then need to reboot. \n\n   Other  operating  systems and architectures also support the disabling\n   of executable stacks either through native configuration parameters or\n   via  third-party  software.  Consult  your  vendor(s)  for  additional\n   information. \n\nShare tools and techniques\n\n   Because  dealing with these vulnerabilities to systems and networks is\n   so  complex, the CERT/CC will provide a forum where administrators can\n   share  ideas  and  techniques  that  can  be  used  to  develop proper\n   defenses.  We  have created an unmoderated mailing list for system and\n   network administrators to discuss helpful techniques and tools. \n\n   You  can  subscribe to the mailing list by sending an email message to\n   majordomo@cert.org. In the body of the message, type\n\n   subscribe snmp-forum\n\n   After you receive the confirmation message, follow the instructions in\n   the message to complete the subscription process. \n\nAppendix A. - Vendor Information\n\n   This  appendix  contains  information  provided  by  vendors  for this\n   advisory.  As  vendors  report new information to the CERT/CC, we will\n   update this section and note the changes in our revision history. 
If a\n   particular  vendor  is  not  listed  below, we have not received their\n   comments. \n\nAdventNet\n\n     This  is in reference to your notification regarding [VU#107186 and\n     VU#854306]  and  OUSPG#0100.   AdventNet  Inc.  has reproduced this\n     behavior  in  their  products and coded a Service Pack fix which is\n     currently   in   regression   testing   in  AdventNet  Inc.\u0027s  Q.A. \n     organization.    The  release  of  AdventNet  Inc\u0027s.  Service  Pack\n     correcting  the  behavior  outlined in VU#617947, and OUSPG#0100 is\n     scheduled  to  be  generally  available  to all of AdventNet Inc.\u0027s\n     customers by February 20, 2002. \n\nAvaya\n\n     Avaya  Inc. \n\nCacheFlow\n\n     The  purpose of this email is to advise you that CacheFlow Inc. has\n     provided a software update. Please be advised that updated versions\n     of  the  software  are  now  available  for all supported CacheFlow\n     hardware  platforms,  and may be obtained by CacheFlow customers at\n     the following URL:\n\n          http://download.cacheflow.com/\n\n   The  specific reference to the software update is contained within the\n   Release  Notes  for  CacheOS  Versions 3.1.22 Release ID 17146, 4.0.15\n   Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149. \n\n   RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:\n     * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm\n\n   RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:\n     * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm\n     * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm\n     * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm\n\n     * SR   1-1647517,   VI  13045:  This  update  modified  a  potential\n     vulnerability by using an SNMP test tools exploit. 
\n\n3Com Corporation\n\n     A  vulnerability to an SNMP packet with an invalid length community\n     string  has  been  resolved  in  the  following products. Customers\n     concerned  about  this  weakness should ensure that they upgrade to\n     the following agent versions:\n     PS Hub 40\n     2.16 is due Feb 2002\n     PS Hub 50\n     2.16 is due Feb 2002\n     Dual Speed Hub\n     2.16 is due Jan 2002\n     Switch 1100/3300\n     2.68 is available now\n     Switch 4400\n     2.02 is available now\n     Switch 4900\n     2.04 is available now\n     WebCache1000/3000\n     2.00 is due Jan 2002\n\nCaldera\n\n     Caldera   International,  Inc.  has  reproduced  faulty behavior in\n     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX\n     8.  We have coded a software fix for  supported versions of Caldera\n     UnixWare  7  and  Caldera  Open UNIX 8 that will  be available from\n     our   support   site  at  http://stage.caldera.com/support/security\n     immediately  following the publication of this CERT announcement. A\n     fix  for  supported versions of OpenServer 5 will be available at a\n     later date. \n\nCisco Systems\n\n     Cisco  Systems  is  addressing  the  vulnerabilities  identified by\n     VU#854306  and VU#107186 across its entire product line. Cisco will\n     publish    a    security   advisory   with   further   details   at\n     http://www.cisco.com/go/psirt/. \n\nCompaq Computer Corporation\n\n     x-ref: SSRT0779U SNMP\n     At  the time of writing this document, COMPAQ continues to evaluate\n     this potential problem and when new versions of SNMP are available,\n     COMPAQ  will implement solutions based on the new code. Compaq will\n     provide  notice  of  any  new  patches  as  a result of that effort\n     through  standard  patch  notification  procedures and be available\n     from your normal Compaq Services support channel. 
\n\nComputer Associates\n\n     Computer  Associates  has  confirmed Unicenter vulnerability to the\n     SNMP  advisory identified by CERT notification reference [VU#107186\n     \u0026   VU#854306]   and   OUSPG#0100.   We  have  produced  corrective\n     maintenance  to  address  these  vulnerabilities,  which  is in the\n     process  of publication for all applicable releases / platforms and\n     will  be  offered  through the CA Support site.  Please contact our\n     Technical    Support   organization   for   information   regarding\n     availability / applicability for your specific configuration(s). \n\nCOMTEK Services, Inc. \n\n     NMServer  for  AS/400  is  not  an SNMP master and is therefore not\n     vulnerable.  However  this  product  requires the use of the AS/400\n     SNMP  master  agent  supplied  by  IBM. \n\n     NMServer   for  OpenVMS  has  been  tested  and  has  shown  to  be\n     vulnerable.  COMTEK  Services  is  preparing  a new release of this\n     product  (version  3.5)  which will contain a fix for this problem. \n     This  new  release  is  scheduled to be available in February 2002. \n     Contact COMTEK Services for further information. \n\n     NMServer  for VOS has not as yet been tested; vulnerability of this\n     agent  is  unknown.  Contact for further information on the testing\n     schedule of the VOS product. \n\nCovalent Technologies\n\n     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,\n     and  Conductor  SNMP module are not vulnerable according to testing\n     performed   in   accordance  with  CERT  recommendations.  Security\n     information for Covalent products can be found at www.covalent.net\n\nDartware, LLC\n\n     Dartware,  LLC  (www.dartware.com)  supplies  two products that use\n     SNMPv1  in  a  manager  role,  InterMapper  and SNMP Watcher.  This statement applies to all present\n     and past versions of these two software packages. 
\n\nDMH Software\n\n     DMH  Software  is  in  the  process of evaluating and attempting to\n     reproduce this behavior. \n     It  is  unclear at this point if our snmp-agent is sensitive to the\n     tests described above. \n     If  any  problems  will  be  discovered,  DMH  Software will code a\n     software fix. \n     The  release of DMH Software OS correcting the behavior outlined in\n     VU#854306, VU#107186, and OUSPG#0100 will be generally available to\n     all of DMH Software\u0027s customers as soon as possible. \n\nEnGarde Secure Linux\n\n     EnGarde  Secure  Linux  did  not  ship any SNMP packages in version\n     1.0.1 of our distribution, so we are not vulnerable to either bug. \n\nFreeBSD\n\n     FreeBSD  does  not  include any SNMP software by default, and so is\n     not vulnerable.  However, the FreeBSD Ports Collection contains the\n     UCD-SNMP   /   NET-SNMP   package.    Package   versions  prior  to\n     ucd-snmp-4.2.3  are  vulnerable.   The upcoming FreeBSD 4.5 release\n     will  ship  the  corrected  version  of  the  UCD-SNMP  /  NET-SNMP\n     package.   In  addition,  the  corrected version of the packages is\n     available from the FreeBSD mirrors. \n\n     FreeBSD   has   issued  the  following  FreeBSD  Security  Advisory\n     regarding the UCD-SNMP / NET-SNMP package:\n     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09. \n     snmp.asc. 
\n\nHewlett-Packard Company\n\n     SUMMARY - known vulnerable:\n     ========================================\n     hp procurve switch 2524\n     NNM  (Network Node Manager)\n     JetDirect Firmware (Older versions only)\n     HP-UX Systems running snmpd or OPENVIEW\n     MC/ServiceGuard\n     EMS\n     Still under investigation:\n     SNMP/iX (MPE/iX)\n     ========================================\n     _________________________________________________________\n     ---------------------------------------------------------\n     hp procurve switch 2524 \n     ---------------------------------------------------------\n     hp procurve switch 2525 (product J4813A) is vulnerable to some\n     issues, patches in process. Watch for the associated HP\n     Security Bulletin. \n     ---------------------------------------------------------\n     NNM  (Network Node Manager)\n     ---------------------------------------------------------\n     Some problems were found in NNM product were related to\n     trap handling. Patches in process. Watch for the\n     associated HP Security Bulletin. \n     ---------------------------------------------------------\n     JetDirect Firmware (Older versions only)\n     ---------------------------------------------------------\n     ONLY some older versions of JetDirect Firmware are\n     vulnerable to some of the issues.  The older firmware\n     can be upgraded in most cases, see list below. \n     JetDirect Firmware Version    State\n     ==========================    =====\n        X.08.32 and higher     NOT Vulnerable\n        X.21.00 and higher     NOT Vulnerable\n     JetDirect Product Numbers that can be freely\n     upgraded to X.08.32 or X.21.00 or higher firmware. 
\n     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)\n     J3110A 10T\n     J3111A 10T/10B2/LocalTalk\n     J3112A Token Ring (discontinued)\n     J3113A 10/100 (discontinued)\n     J4169A 10/100\n     J4167A Token Ring\n     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)\n     J2550A/B 10T (discontinued)\n     J2552A/B 10T/10Base2/LocalTalk (discontinued)\n     J2555A/B Token Ring (discontinued)\n     J4100A 10/100\n     J4105A Token Ring\n     J4106A 10T\n     External Print Servers\n     J2591A EX+ (discontinued)\n     J2593A EX+3 10T/10B2 (discontinued)\n     J2594A EX+3 Token Ring (discontinued)\n     J3263A 300X 10/100\n     J3264A 500X Token Ring\n     J3265A 500X 10/100\n     ----------------------------------------------------------\n     HP-UX Systems running snmpd or OPENVIEW\n     ----------------------------------------------------------\n     The following patches are available now:\n       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch\n       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch\n       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated\n     Patch\n     All three patches are available from:\n     http://support.openview.hp.com/cpe/patches/\n     In addition PHSS_26137 and PHSS_26138 will soon be available from:\n     http://itrc.hp.com\n     ================================================================\n     NOTE: The patches are labeled OV(Open View). However, the patches\n     are also applicable to systems that are not running Open View. \n     =================================================================\n     Any   HP-UX  10.X  or  11.X  system  running  snmpd  or  snmpdm  is\n     vulnerable. 
\n     To determine if your HP-UX system has snmpd or snmpdm installed:\n       swlist -l file | grep snmpd\n     If a patch is not available for your platform or you cannot install\n     an  available  patch,  snmpd and snmpdm can be disabled by removing\n     their\n     entries  from  /etc/services  and  removing the execute permissions\n     from\n     /usr/sbin/snmpd and /usr/sbin/snmpdm. \n     ----------------------------------------------------------------\n     Investigation completed, systems vulnerable. \n     ----------------------------------------------------------------\n     MC/ServiceGuard\n     Event Monitoring System  (EMS)\n     ----------------------------------------------------------------\n       Still under investigation:\n     ----------------------------------------------------------------\n     SNMP/iX (MPE/iX)\n\nHirschmann Electronics GmbH \u0026 Co. KG\n\n     Hirschmann  Electronics  GmbH  \u0026  Co.  KG supplies a broad range of\n     networking  products,  some  of  which  are  affected  by  the SNMP\n     vulnerabilities  identified by CERT Coordination Center. The manner\n     in  which they are affected and the actions required to avoid being\n     impacted  by  exploitation  of  these  vulnerabilities,  vary  from\n     product to product. Hirschmann customers may contact our Competence\n     Center (phone +49-7127-14-1538, email:\n     ans-support@nt.hirschmann.de)     for    additional    information,\n     especially  regarding  availability  of  latest  firmware  releases\n     addressing the SNMP vulnerabilities. \n\nIBM Corporation\n\n     Based  upon  the  results  of  running  the  test  suites  we  have\n     determined  that  our  version  of  SNMP  shipped  with  AIX is NOT\n     vulnerable. \n\nInnerdive Solutions, LLC\n\n     Innerdive Solutions, LLC has two SNMP based products:\n     1. The \"SNMP MIB Scout\"\n     (http://www.innerdive.com/products/mibscout/)\n     2. 
The \"Router IP Console\" (http://www.innerdive.com/products/ric/)\n     The \"SNMP MIB Scout\" is not vulnerable to either bug. \n     The \"Router IP Console\" releases prior to 3.3.0.407 are vulnerable. \n     The release of \"Router IP Console\" correcting the behavior outlined\n     in  OUSPG#0100  is  3.3.0.407 and is already available on our site. \n     Also,  we  will  notify all our customers about this new release no\n     later than March 5, 2002. \n\nJuniper Networks\n\n     This  is  in reference to your notification regarding CAN-2002-0012\n     and  CAN-2002-0013.   Juniper Networks has reproduced this behavior\n     and coded a software fix.  The fix will be included in all releases\n     of  JUNOS Internet software built after January 5, 2002.  Customers\n     with  current  support contracts can download new software with the\n     fix from Juniper\u0027s web site at www.juniper.net. \n     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can\n     only  be  reproduced  in JUNOS Internet software if certain tracing\n     options  are  enabled.   These options are generally not enabled in\n     production routers. \n\nLantronix, Inc. \n\n     Lantronix  is  committed  to  resolving  security  issues  with our\n     products.  The SNMP security bug you reported has been fixed in LRS\n     firmware version B1.3/611(020123). \n\nLotus Development Corporation\n\n     Lotus    Software   evaluated   the   Lotus   Domino   Server   for\n     vulnerabilities using the test suite materials provided by OUSPG. \n     This  problem  does  not affect default installations of the Domino\n     Server.   However,  SNMP  agents  can  be  installed from the CD to\n     provide  SNMP  services for the Domino Server (these are located in\n     the   /apps/sysmgmt/agents   directory).    
The  optional  platform\n     specific  master  and  encapsulator  agents included with the Lotus\n     Domino  SNMP  Agents  for  HP-UX  and Solaris have been found to be\n     vulnerable.  For  those  platforms,  customers  should  upgrade  to\n     version  R5.0.1  a  of  the Lotus Domino SNMP Agents, available for\n     download  from the Lotus Knowledge Base on the IBM Support Web Site\n     (http://www.ibm.com/software/lotus/support/).   Please   refer   to\n     Document  #191059,  \"Lotus Domino SNMP Agents R5.0.1a\", also in the\n     Lotus Knowledge Base, for more details. \n\nLOGEC Systems Inc\n\n     The  products  from  LOGEC  Systems are exposed to SNMP only via HP\n     OpenView.  We  do  not have an implementation of SNMP ourselves. As\n     such,  there is nothing in our products that would be an issue with\n     this alert. \n\nLucent\n\n     Lucent is aware of reports that there is a vulnerability in certain\n     implementations  of  the  SNMP (Simple Network Management Protocol)\n     code  that  is  used in data switches and other hardware throughout\n     the telecom industry. \n     As soon as we were notified by CERT, we began assessing our product\n     portfolio  and  notifying  customers  with  products  that might be\n     affected. \n     Our  5ESS  switch  and  most  of  our  optical  portfolio  were not\n     affected.   Our  core  and  edge  ATM switches and most of our edge\n     access  products  are  affected, but we have developed, tested, and\n     deployed  fixes for many of those products to our customers.  Fixes\n     for  the  rest  of the affected product portfolio will be available\n     shortly. \n     We consider the security and reliability of our customers\u0027 networks\n     to  be  one  of  our  critical  measures  of success. We take every\n     reasonable measure to ensure their satisfaction. 
\n     In  addition,  we  are  working  with  customers on ways to further\n     enhance the security they have in place today. \n\nMarconi\n\n     Marconi  supplies  a  broad range of telecommunications and related\n     products,  some  of  which are affected by the SNMP vulnerabilities\n     identified  here.  The  manner  in  which they are affected and the\n     actions  required  (if any) to avoid being impacted by exploitation\n     of  these  vulnerabilities,  vary  from  product  to product. Those\n     Marconi   customers   with  support  entitlement  may  contact  the\n     appropriate   Technical  Assistance  Center  (TAC)  for  additional\n     information.  Those not under support entitlement may contact their\n     sales representative. \n\nMicrosoft Corporation\n\n     The  Microsoft  Security Reponse [sic] Center has investigated this\n     issue, and provides the following information. \n\n     Summary:\n     All  Microsoft  implementations  of  SNMP  v1  are  affected by the\n     vulnerability.  The  SNMP v1 service is not installed or running by\n     default on any version of Windows. A patch is underway to eliminate\n     the  vulnerability.  In  the  meantime,  we recommend that affected\n     customers disable the SNMP v1 service. \n\n     Details:\n     An  SNMP  v1 service ships on the CDs for Windows 95, 98, and 98SE. \n     It  is  not  installed  or  running  by  default  on  any  of these\n     platforms.  An SNMP v1 is NOT provided for Windows ME.  However, it\n     is  possible  that  Windows  98  machines  which  had  the  service\n     installed  and  were  upgraded would still have the service.  Since\n     SNMP  is  not  supported for WinME, customers in this situation are\n     urged to remove the SNMP service. 
\n     An  SNMP  v1  service  is  available  on  Windows NT 4.0 (including\n     Terminal  Server  Edition) and Windows 2000 but is not installed or\n     running  by  default  on any of these platforms.Windows XP does not\n     ship with an SNMP v1 service. \n\n     Remediation:\n     A  patch  is  underway  for  the  affected  platforms,  and will be\n     released  shortly.  In  the  meantime,  Microsoft  recommends  that\n     customers  who  have  the  SNMP  v1  service  running disable it to\n     protect their systems. Following are instruction for doing this:\n\n     Windows 95, 98 and 98SE:\n     1. In Control Panel, double-click Network. \n     2. On  the  Configuration  tab,  select Microsoft SNMP Agent from the\n        list of installed components. \n     3. Click Remove\n\n     Check the following keys and confirm that snmp.exe is not listed. \n     HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunSer\n     vices\n     HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n \n     For Windows XP:\n     1. Right-click on My Computer and select Manage\n     2. Click on Services and Applications, then on Services\n     3. Location  SNMP  on  the list of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer\n        Management window. \n   \n     For Windows NT 4.0 (including Terminal Server Edition):\n     1. Select Start, then Settings. \n     2. Select Control Panel, then click on the Services Icon\n     3. Locate  SNMP  on  the  list  of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click OK to close the dialoge [sic], then close Control Panel\n\n     Windows 2000:\n     1. Right-click on My Computer and select Manage\n     2. Click on Services and Applications, then on Services\n     3. 
Location  SNMP  on  the list of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer\n        Management window. \n\nMultinet\n\n     MultiNet  and  TCPware customers should contact Process Software to\n     check  for  the availability of patches for this issue. A couple of\n     minor  problems were found and fixed, but there is no security risk\n     related to the SNMP code included with either product. \n\nNetaphor\n\n     NETAPHOR  SOFTWARE INC. is the creator of Cyberons for Java -- SNMP\n     Manager  Toolkit  and Cyberons for Java -- NMS Application Toolkit,\n     two   Java  based  products  that  may  be  affected  by  the  SNMP\n     vulnerabilities  identified  here.  The  manner  in  which they are\n     affected  and the actions required (if any) to avoid being impacted\n     by  exploitation  of  these  vulnerabilities,  may  be  obtained by\n     contacting  Netaphor  via email at info@netaphor.com Customers with\n     annual support may contact support@netaphor.com directly. Those not\n     under    support    entitlement   may   contact   Netaphor   sales:\n     sales@netaphor.com or (949) 470 7955 in USA. \n\nNetBSD\n\n     NetBSD does not ship with any SNMP tools in our \u0027base\u0027 releases. We\n     do  provide  optional  packages  which  provide various support for\n     SNMP.  These  packages  are  not installed by default, nor are they\n     currently  provided  as  an  install option by the operating system\n     installation tools. A system administrator/end-user has to manually\n     install this with our package management tools. 
These SNMP packages\n     include:\n          + netsaint-plugin-snmp-1.2.8.4  (SNMP  monitoring  plug-in  for\n            netsaint)\n          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)\n          + p5-SNMP-3.1.0  (Perl5  module for interfacing to the UCD SNMP\n            library\n          + p5-SNMP_Session-0.83   (perl5  module  providing  rudimentary\n            access to remote SNMP agents)\n          + ucd-snmp-4.2.1  (Extensible  SNMP  implementation) (conflicts\n            with ucd-snmp-4.1.2)\n          + ucd-snmp-4.1.2  (Extensible  SNMP  implementation) (conflicts\n            with ucd-snmp-4.2.1)\n\n     We    do   provide   a   software   monitoring   mechanism   called\n     \u0027audit-packages\u0027,  which allows us to highlight if a package with a\n     range  of  versions  has  a potential vulnerability, and recommends\n     that the end-user upgrade the packages in question. \n\nNetscape Communications Corporation\n\n     Netscape  continues  to be committed to maintaining a high level of\n     quality  in  our  software  and  service  offerings.  Part  of this\n     commitment  includes  prompt response to security issues discovered\n     by organizations such as the CERT Coordination Center. \n     According  to a recent CERT/CC advisory, The Oulu University Secure\n     Programming  Group (OUSPG) has reported numerous vulnerabilities in\n     multiple  vendor  SNMPv1 implementations. \n     We  have  carefully  examined the reported findings, performing the\n     tests  suggested  by the OUSPG to determine whether Netscape server\n     products  were  subject to these vulnerabilities. It was determined\n     that several products fell into this category. As a result, we have\n     created  fixes  which will resolve the issues, and these fixes will\n     appear  in  future  releases  of  our  product  line. 
To Netscape\u0027s\n     knowledge,  there  are  no known instances of these vulnerabilities\n     being exploited and no customers have been affected to date. \n     When such security warnings are issued, Netscape has committed to -\n     and will continue to commit to - resolving these issues in a prompt\n     and timely fashion, ensuring that our customers receive products of\n     the highest quality and security. \n\nNET-SNMP\n\n     All  ucd-snmp  version  prior  to  4.2.2  are  susceptible  to this\n     vulnerability  and  users  of  versions  prior to version 4.2.2 are\n     encouraged   to   upgrade   their  software  as  soon  as  possible\n     (http://www.net-snmp.org/download/).  Version  4.2.2 and higher are\n     not susceptible. \n\nNetwork Associates\n\n     PGP is not affected, impacted, or otherwise related to this VU#. \n\nNetwork Computing Technologies\n\n     Network   Computing   Technologies  has  reviewed  the  information\n     regarding  SNMP  vulnerabilities and is currently investigating the\n     impact to our products. \n\nNokia\n\n     This  vulnerability  is  known  to affect IPSO versions 3.1.3, 3.3,\n     3.3.1,  3.4,  and  3.4.1.   Patches  are  currently  available  for\n     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia\n     website.   In  addition,  version  3.4.2  shipped  with  the  patch\n     incorporated,  and the necessary fix will be included in all future\n     releases of IPSO. \n     We  recommend customers install the patch immediately or follow the\n     recommended precautions below to avoid any potential exploit. \n     If you are not using SNMP services, including Traps, simply disable\n     the   SNMP   daemon   to   completely   eliminate   the   potential\n     vulnerability. \n     If   you  are  using  only  SNMP  Traps  and  running  Check  Point\n     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP\n     messages on all appropriate interfaces. 
Traps will continue to work\n     normally. \n\nNortel Networks\n\n     The  CERT Coordination Center has issued a broad based alert to the\n     technology industry, including Nortel Networks, regarding potential\n     security   vulnerabilities   identified   in   the  Simple  Network\n     Management  Protocol  (SNMP),  a  common  networking  standard. The\n     company   is   working   with  CERT  and  other  network  equipment\n     manufacturers, the U.S. Government, service providers, and software\n     suppliers to assess and address this issue. \n\nNovell\n\n     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on\n     NetWare  are  fixed and will be available through NetWare 6 Support\n     Pack 1 \u0026 NetWare 5.1 Support Pack 4. Support packs are available at\n     http://support.novell.com/tools/csp/\n\nOpenBSD\n\n     OpenBSD does not ship SNMP code. \n\nQualcomm\n\n     WorldMail  does  not  support SNMP by default, so customers who run\n     unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n     Redback  Networks,  Inc.  has  identified that the vulnerability in\n     question  affects  certain versions of AOS software on the SMS 500,\n     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate\n     steps necessary to correct the issue. \n\nRed Hat\n\n     RedHat has released a security advisiory [sic] at\n     http://www.redhat.com/support/errata/RHSA-2001-163.html\n     with  updated  versions  of  the ucd-snmp package for all supported\n     releases and architectures. For more information or to download the\n     update please visit this page. \n\nSGI\n\n     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is\n     currently  investigating. 
\n     For  the  protection  of  all our customers, SGI does not disclose,\n     discuss  or  confirm vulnerabilities until a full investigation has\n     occurred  and  any  necessary  patch(es)  or  release  streams  are\n     available  for all vulnerable and supported IRIX operating systems. \n     Until SGI has more definitive information to provide, customers are\n     encouraged  to  assume  all security vulnerabilities as exploitable\n     and  take  appropriate  steps  according  to  local  site  security\n     policies   and   requirements.   As   further  information  becomes\n     available,  additional advisories will be issued via the normal SGI\n     security  information  distribution  methods  including the wiretap\n     mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n     SNMP  Research  has  made  the following vendor statement. They are\n     likely  to  revise  and  expand  the  statement as the date for the\n     public vulnerability announcement draws nearer.   Users  maintaining\n     earlier  releases should update to the current release if they have\n     not  already  done  so. Other Stonesoft\u0027s products are\n     still   under   investigation.   As   further  information  becomes\n     available, additional advisories will be available at\n     http://www.stonesoft.com/support/techcenter/\n\nSun Microsystems, Inc. \n\n     Sun\u0027s  SNMP  product,  Solstice  Enterprise Agents (SEA), described\n     here:\n     http://www.sun.com/solstice/products/ent.agents/\n     is  affected  by VU#854306 but not VU#107186. More specifically the\n     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n     Sun  is  currently  generating  patches  for this issue and will be\n     releasing  a  Sun Security Bulletin once the patches are available. \n     The bulletin will be available from:\n     http://sunsolve.sun.com/security.  
Sun  patches are available from:\n     http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n     Symantec Corporation has investigated the SNMP issues identified by\n     the  OUSPG test suite and determined that Symantec products are not\n     susceptable [sic] to these issues. \n\nTANDBERG\n\n     Tandberg  have  run  all  the  testcases found the PROTOS test-suie\n     [sic], c06snmpv1:\n     1. c06-snmpv1-trap-enc-pr1.jar\n     2. c06-snmpv1-treq-app-pr1.jar\n     3. c06-snmpv1-trap-enc-pr1.jar\n     4. c06-snmpv1-req-app-pr1.jar\n     The  tests  were  run with standard delay time between the requests\n     (100ms),  but  also  with  a delay of 1ms. The tests applies to all\n     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The\n     software  tested  on these products were B4.0 (our latest software)\n     and no problems were found when running the test suite. \n\nTivoli Systems\n\n     Our  analysis indicates that this vulnerability does not affect the\n     Tivoli NetView product. \n\nAppendix B. - References\n         1. http://www.ee.oulu.fi/research/ouspg/protos/\n         2. http://www.kb.cert.org/vuls/id/854306\n         3. http://www.kb.cert.org/vuls/id/107186\n         4. http://www.cert.org/tech_tips/denial_of_service.html\n         5. http://www.ietf.org/rfc/rfc1067.txt\n         6. http://www.ietf.org/rfc/rfc1089.txt\n         7. http://www.ietf.org/rfc/rfc1140.txt\n         8. http://www.ietf.org/rfc/rfc1155.txt\n         9. http://www.ietf.org/rfc/rfc1156.txt\n        10. http://www.ietf.org/rfc/rfc1215.txt\n        11. http://www.ietf.org/rfc/rfc1270.txt\n        12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n     Background Information on the OUSPG\n\n       OUSPG  is an academic research group located at Oulu University in\n       Finland.  The  purpose  of this research group is to test software\n       for vulnerabilities. 
\n       History  has  shown  that  the  techniques  used by the OUSPG have\n       discovered a large number of previously undetected problems in the\n       products  and  protocols  they  have  tested.  In  2001, the OUSPG\n       produced a comprehensive test suite for evaluating implementations\n       of  the  Lightweight  Directory  Access Protocol (LDAP). This test\n       suite  was  developed with the strategy of abusing the protocol in\n       unsupported  and  unexpected  ways,  and  it was very effective in\n       uncovering  a  wide  variety  of  vulnerabilities  across  several\n       products.  This approach can reveal vulnerabilities that would not\n       manifest themselves under normal conditions. \n       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to\n       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began\n       testing   a   selection   of  products,  and  found  a  number  of\n       vulnerabilities.  Because  OUSPG\u0027s  work  on  LDAP  was similar in\n       procedure  to its current work on SNMP, you may wish to review the\n       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined\n       results of application of the test suite. \n       In order to test the security of protocols like SNMPv1, the PROTOS\n       project  presents  a  server with a wide variety of sample packets\n       containing  unexpected  values  or  illegally formatted data. As a\n       member of the PROTOS project consortium, the OUSPG used the PROTOS\n       c06-snmpv1  test  suite  to  study  several implementations of the\n       SNMPv1  protocol.  Results  of  the  test  suites run against SNMP\n       indicate  that  there  are  many different vulnerabilities on many\n       different implementations of SNMP. Software and\n       firmware products designed for networks often make use of the SNMP\n       protocol.  
SNMP  runs  on  a  multitude  of  devices and operating\n       systems, including, but not limited to,\n          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and\n            Wireless Network Access Points)\n          + Operating Systems\n          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL\n            Modems)\n          + Consumer Electronic Devices (Cameras and Image Scanners)\n          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX\n            Machines)\n          + Network and Systems Management/Diagnostic Frameworks (Network\n            Sniffers and Network Analyzers)\n          + Uninterruptible Power Supplies (UPS)\n          + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n          + Manufacturing and Processing Equipment\n       The  SNMP  protocol  is  formally defined in RFC1157. Quoting from\n       that RFC:\n\n                Implicit  in the SNMP architectural model is a collection\n                of  network  management  stations  and  network elements. \n                Network    management    stations    execute   management\n                applications  which monitor and control network elements. \n                Network  elements  are  devices  such as hosts, gateways,\n                terminal  servers,  and  the  like, which have management\n                agents  responsible for performing the network management\n                functions  requested  by the network management stations. 
\n\n       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC\n       documents:\n          + RFC 3000 Internet Official Protocol Standards\n          + RFC 1212 Concise MIB Definitions\n          + RFC  1213  Management Information Base for Network Management\n            of TCP/IP-based Internets: MIB-II\n          + RFC  1215  A  Convention  for Defining Traps for use with the\n            SNMP\n          + RFC 1270 SNMP Communications Services\n          + RFC  2570  Introduction to Version 3 of the Internet-standard\n            Network Management Framework\n          + RFC  2571  An  Architecture  for  Describing  SNMP Management\n            Frameworks\n          + RFC  2572  Message  Processing and Dispatching for the Simple\n            Network Management Protocol (SNMP)\n          + RFC 2573 SNMP Applications\n          + RFC 2574 User-based Security Model (USM) for version 3 of the\n            Simple Network Management Protocol (SNMPv3)\n          + RFC  2575  View-based  Access  Control  Model  (VACM) for the\n            Simple Network Management Protocol (SNMP)\n          + RFC  2576  Coexistence  between  Version  1,  Version  2, and\n            Version   3   of  the  Internet-standard  Network  Management\n            Framework\n         _____________________________________________________________\n\n       The  CERT  Coordination  Center  thanks the Oulu University Secure\n       Programming  Group  for reporting these vulnerabilities to us, for\n       providing  detailed  technical  analyses,  and for assisting us in\n       preparing  this  advisory.  We also thank Steven M. Bellovin (AT\u0026T\n       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who\n       contributed to this document. 
\n         _____________________________________________________________\n\n       Feedback  on  this document can be directed to the authors, Ian A. \n       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n       Householder, Marty Lindner, and Art Manion. \n       __________________________________________________________________\n\n       This document is available from:\n       http://www.cert.org/advisories/CA-2002-03.html\n       __________________________________________________________________\n\n       CERT/CC Contact Information\n\n        Email: cert@cert.org\n                Phone: +1 412-268-7090 (24-hour hotline)\n                Fax: +1 412-268-6989\n                Postal address:\n                CERT Coordination Center\n                Software Engineering Institute\n                Carnegie Mellon University\n                Pittsburgh PA 15213-3890\n                U.S.A. \n\n       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /\n       EDT(GMT-4) Monday through Friday; they are on call for emergencies\n       during other hours, on U.S. holidays, and on weekends. \n       \n       Using encryption\n       We  strongly  urge  you  to  encrypt sensitive information sent by\n       email. Our public PGP key is available from\n        http://www.cert.org/CERT_PGP.key\n       If  you  prefer  to use DES, please call the CERT hotline for more\n       information. \n       \n       Getting  security information\n       CERT publications and other security information are available\n       from our web site\n        http://www.cert.org/\n       To   subscribe  to  the  CERT  mailing  list  for  advisories  and\n       bulletins, send email to majordomo@cert.org. Please include in the\n       body of your message\n       \n         subscribe cert-advisory\n       \n       * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n       Patent and Trademark Office. 
\n       __________________________________________________________________\n\n       NO WARRANTY\n       Any  material  furnished  by  Carnegie  Mellon  University and the\n       Software  Engineering  Institute is furnished on an \"as is\" basis. \n       Carnegie Mellon University makes no warranties of any kind, either\n       expressed  or  implied as to any matter including, but not limited\n       to,   warranty   of   fitness   for   a   particular   purpose  or\n       merchantability,  exclusivity  or results obtained from use of the\n       material. Carnegie Mellon University does not make any warranty of\n       any  kind  with  respect  to  freedom  from  patent, trademark, or\n       copyright infringement. \n         _____________________________________________________________\n\n       Conditions for use, disclaimers, and sponsorship information\n       Copyright 2002 Carnegie Mellon University. \n\nRevision History\n\n       February 12, 2002: Initial release\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#107186",
            "trust": 3.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306",
            "trust": 3.9
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "4132",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4732",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4088",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "4089",
            "trust": 1.6
          },
          {
            "db": "XF",
            "id": "8176",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "8177",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035",
            "trust": 0.8
          },
          {
            "db": "MS",
            "id": "MS02-006",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:209",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:402",
            "trust": 0.6
          },
          {
            "db": "CERT/CC",
            "id": "CA-2002-03",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "89608",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "89661",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "25758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "id": "VAR-200203-0024",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3056849
      },
      "last_update_date": "2025-04-03T22:25:21.107000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX00184",
            "trust": 0.8,
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00964944"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ibm.com/jp/"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/RHSA-2001-163.html"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-1"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-3"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2001-163J.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.cert.org/advisories/ca-2002-03.html"
          },
          {
            "trust": 3.1,
            "url": "http://www.kb.cert.org/vuls/id/107186"
          },
          {
            "trust": 3.1,
            "url": "http://www.kb.cert.org/vuls/id/854306"
          },
          {
            "trust": 2.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0013"
          },
          {
            "trust": 2.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0012"
          },
          {
            "trust": 2.2,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/"
          },
          {
            "trust": 1.7,
            "url": "http://www.cert.org/tech_tips/denial_of_service.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1215.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1270.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc3000.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1212.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1213.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2570.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2571.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2572.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2573.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2574.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2575.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2576.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4088"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4132"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4732"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4089"
          },
          {
            "trust": 1.2,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 1.0,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a209"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a402"
          },
          {
            "trust": 0.8,
            "url": "http://www.ciac.org/ciac/bulletins/m-042.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0053"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/20020213snmp.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020701.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020901.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/at/2002/at020001.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnca-2002-03"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0053"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/8176"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/8177"
          },
          {
            "trust": 0.8,
            "url": "http://www.isskk.co.jp/support/techinfo/general/protos_snmp_xforce.html"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:402"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:209"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1352.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/tech_tips/snmp_faq.html"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/ric/)"
          },
          {
            "trust": 0.1,
            "url": "https://www.juniper.net."
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/securitypatch."
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/go/psirt/."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1067.txt"
          },
          {
            "trust": 0.1,
            "url": "https://www.dartware.com)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1140.txt"
          },
          {
            "trust": 0.1,
            "url": "http://itrc.hp.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.sun.com/solstice/products/ent.agents/"
          },
          {
            "trust": 0.1,
            "url": "http://stage.caldera.com/support/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.net-snmp.org/download/)."
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/cert_pgp.key"
          },
          {
            "trust": 0.1,
            "url": "http://www.ibm.com/software/lotus/support/)."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1156.txt"
          },
          {
            "trust": 0.1,
            "url": "http://support.novell.com/tools/csp/"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/cpe/patches/"
          },
          {
            "trust": 0.1,
            "url": "https://www.covalent.net"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/mibscout/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h"
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/security."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1155.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.stonesoft.com/support/techcenter/"
          },
          {
            "trust": 0.1,
            "url": "http://www.sgi.com/support/security/."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1089.txt"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-01-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "date": "2002-02-12T22:54:19",
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "date": "2002-03-08T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000035"
          },
          {
            "date": "2005-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200203-006"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2002-0053"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4132"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in SNMPv1 trap handling",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200202-0007

    Vulnerability from variot - Updated: 2025-04-03 22:25

    Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). SNMP managers on the management side communicate with the managed network devices, such as routers, switches and printers, which are called SNMP agents. Because of its wide acceptance in the market, SNMP has become the standard, and SNMP protocol version 1 (SNMPv1) is the most widely implemented. SNMPv1 implementations have problems in decoding and interpreting the SNMP trap messages sent from the agent to the manager and the SNMP request messages sent from the manager to the agent. If an attacker uses this problem, the following actions may be executed. Because this is a protocol problem, many other programs that implement it may also be affected.
If the SNMP service is running on the target host, an attacker could execute arbitrary code. If a buffer overflow attack is feasible and a host running the SNMP service receives a very long trap message, the application may go into a denial-of-service state. The effects described above vary from application to application. For details, refer to each product. Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089); however, more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.

    CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)

    Original release date: February 12, 2002
    Last revised: --
    Source: CERT/CC

    A complete revision history can be found at the end of this file.

    Systems Affected

    Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.

    In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from

        http://www.kb.cert.org/vuls/id/854306
        http://www.kb.cert.org/vuls/id/107186

    Many other systems making use of SNMP may also be vulnerable but were not specifically tested.

    In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html

    I. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C

    OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.

    Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.

    These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.

    II.

    III. Solution

    Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.

    Apply a patch from your vendor

    Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.

    Disable the SNMP service

    As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.

    Ingress filtering

    As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.

    Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.

    snmp    161/udp    # Simple Network Management Protocol (SNMP)
    snmp    162/udp    # SNMP system management messages

    The following services are less common, but may be used on some affected products

    snmp               161/tcp     # Simple Network Management Protocol (SNMP)
    snmp               162/tcp     # SNMP system management messages
    smux               199/tcp     # SNMP Unix Multiplexer
    smux               199/udp     # SNMP Unix Multiplexer
    synoptics-relay    391/tcp     # SynOptics SNMP Relay Port
    synoptics-relay    391/udp     # SynOptics SNMP Relay Port
    agentx             705/tcp     # AgentX
    snmp-tcp-port      1993/tcp    # cisco SNMP TCP port
    snmp-tcp-port      1993/udp    # cisco SNMP TCP port

    As noted above, you should carefully consider the impact of blocking services that you may be using.

    It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses:

    * "all-ones" broadcast address
    * subnet broadcast address
    * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)

    Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.
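
    The check below is an added example, not part of the advisory: it enumerates the destination addresses described above for a device and reports which of the listed SNMP ports a first-match filter still lets through. The rule model, the sample addresses and all names are hypothetical, and the filter is assumed to permit whatever no rule matches.

```python
import ipaddress
from typing import NamedTuple

# Ports listed in the advisory: the two common UDP ports plus the less common services.
SNMP_PORTS = [
    ("udp", 161), ("udp", 162), ("tcp", 161), ("tcp", 162),
    ("tcp", 199), ("udp", 199), ("tcp", 391), ("udp", 391),
    ("tcp", 705), ("tcp", 1993), ("udp", 1993),
]


class Rule(NamedTuple):
    """One first-match filter rule (a simplified, hypothetical ACL model)."""
    action: str   # "permit" or "deny"
    proto: str    # "udp", "tcp" or "any"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    ports: tuple  # inclusive (low, high) destination port range


def addresses_to_cover(interfaces, mgmt_loopbacks=()):
    """Map every IPv4 destination that can reach the SNMP daemon to a reason."""
    targets = {}
    for cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        targets[iface.ip] = "interface address"
        if iface.network.prefixlen < 31:  # /31 and /32 have no broadcast address
            targets.setdefault(iface.network.broadcast_address, "subnet broadcast")
    for addr in mgmt_loopbacks:
        targets.setdefault(ipaddress.ip_address(addr), "management loopback")
    targets.setdefault(ipaddress.ip_address("255.255.255.255"), "all-ones broadcast")
    return targets


def decide(rules, proto, src, dst, port, default="permit"):
    """Return the action of the first matching rule, or the filter's default."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.ports[0] <= port <= rule.ports[1]:
            return rule.action
    return default


def find_gaps(rules, interfaces, mgmt_loopbacks, source, default="permit"):
    """List (dst, reason, proto, port) combinations the filter lets through."""
    src = ipaddress.ip_address(source)
    gaps = []
    for dst, reason in addresses_to_cover(interfaces, mgmt_loopbacks).items():
        for proto, port in SNMP_PORTS:
            if decide(rules, proto, src, dst, port, default) == "permit":
                gaps.append((str(dst), reason, proto, port))
    return gaps


# Constructed sample device and rule sets (documentation address ranges).
INTERFACES = ["192.0.2.1/24", "198.51.100.1/30"]
MGMT_LOOPBACKS = ["10.255.0.1"]
OUTSIDE_HOST = "203.0.113.7"
MGMT_STATION = "192.0.2.10"

# Filters only the common UDP ports, and only toward the interface addresses.
NARROW_ACL = [
    Rule("deny", "udp", "0.0.0.0/0", "192.0.2.1/32", (161, 162)),
    Rule("deny", "udp", "0.0.0.0/0", "198.51.100.1/32", (161, 162)),
]

# Permits the one management station, then denies the listed port numbers
# (both transports) toward any destination.
COMPLETE_ACL = [Rule("permit", "any", MGMT_STATION + "/32", "0.0.0.0/0", (161, 162))] + [
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", rng)
    for rng in [(161, 162), (199, 199), (391, 391), (705, 705), (1993, 1993)]
]

if __name__ == "__main__":
    for label, acl in (("narrow", NARROW_ACL), ("complete", COMPLETE_ACL)):
        gaps = find_gaps(acl, INTERFACES, MGMT_LOOPBACKS, OUTSIDE_HOST)
        print(f"{label} ACL: {len(gaps)} SNMP path(s) left open")
        for dst, reason, proto, port in gaps:
            if (proto, port) == ("udp", 161):
                print(f"  udp/161 still reaches {dst:<16} ({reason})")
```

    The narrow rule set blocks udp/161 only at the two interface addresses, so the broadcast and management loopback destinations remain reachable; the complete rule set leaves nothing open to the outside host while the management station keeps ports 161 and 162.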

    Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)

    snmp              100122      na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk
    snmpv2            100138      na.snmpv2     # SNM Version 2.2.2
    snmpXdmid         100249

    Please note that this workaround may not protect vulnerable devices from internal attacks.

    Filter SNMP traffic from non-authorized internal hosts

    In many networks, only a limited number of network management systems need to originate SNMP request messages. Filtering SNMP traffic from all other internal hosts can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.

    Change default community strings

    Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.

    Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.

    Segregate SNMP traffic onto a separate management network

    In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.

    Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.

    Note that these solutions may require extensive changes to a site's network architecture.

    Egress filtering

    Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.

    Disable stack execution

    Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:

    set noexec_user_stack = 1
    set noexec_user_stack_log = 1

    Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.

    Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.

    Share tools and techniques

    Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.

    You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type

    subscribe snmp-forum

    After you receive the confirmation message, follow the instructions in the message to complete the subscription process.

    Appendix A. - Vendor Information

    This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

    AdventNet

     This  is in reference to your notification regarding [VU#107186 and
     VU#854306]  and  OUSPG#0100.   AdventNet  Inc.  has reproduced this
     behavior  in  their  products and coded a Service Pack fix which is
     currently   in   regression   testing   in  AdventNet  Inc.'s  Q.A. 
     organization.    The  release  of  AdventNet  Inc's.  Service  Pack
     correcting  the  behavior  outlined in VU#617947, and OUSPG#0100 is
     scheduled  to  be  generally  available  to all of AdventNet Inc.'s
     customers by February 20, 2002.
    

    Avaya

     Avaya  Inc.
    

    CacheFlow

     The  purpose of this email is to advise you that CacheFlow Inc. has
     provided a software update. Please be advised that updated versions
     of  the  software  are  now  available  for all supported CacheFlow
     hardware  platforms,  and may be obtained by CacheFlow customers at
     the following URL:
    
          http://download.cacheflow.com/
    

    The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.

    RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:
    * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm

    RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:
    * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm
    * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm
    * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm

     * SR   1-1647517,   VI  13045:  This  update  modified  a  potential
     vulnerability by using an SNMP test tools exploit.
    

    3Com Corporation

     A  vulnerability to an SNMP packet with an invalid length community
     string  has  been  resolved  in  the  following products. Customers
     concerned  about  this  weakness should ensure that they upgrade to
     the following agent versions:
     PS Hub 40
     2.16 is due Feb 2002
     PS Hub 50
     2.16 is due Feb 2002
     Dual Speed Hub
     2.16 is due Jan 2002
     Switch 1100/3300
     2.68 is available now
     Switch 4400
     2.02 is available now
     Switch 4900
     2.04 is available now
     WebCache1000/3000
     2.00 is due Jan 2002
    

    Caldera

     Caldera   International,  Inc.  has  reproduced  faulty behavior in
     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
     8.  We have coded a software fix for  supported versions of Caldera
     UnixWare  7  and  Caldera  Open UNIX 8 that will  be available from
     our   support   site  at  http://stage.caldera.com/support/security
     immediately  following the publication of this CERT announcement. A
     fix  for  supported versions of OpenServer 5 will be available at a
     later date.
    

    Cisco Systems

     Cisco  Systems  is  addressing  the  vulnerabilities  identified by
     VU#854306  and VU#107186 across its entire product line. Cisco will
     publish    a    security   advisory   with   further   details   at
     http://www.cisco.com/go/psirt/.
    

    Compaq Computer Corporation

     x-ref: SSRT0779U SNMP
     At  the time of writing this document, COMPAQ continues to evaluate
     this potential problem and when new versions of SNMP are available,
     COMPAQ  will implement solutions based on the new code. Compaq will
     provide  notice  of  any  new  patches  as  a result of that effort
     through  standard  patch  notification  procedures and be available
     from your normal Compaq Services support channel.
    

    Computer Associates

     Computer  Associates  has  confirmed Unicenter vulnerability to the
     SNMP  advisory identified by CERT notification reference [VU#107186
     &   VU#854306]   and   OUSPG#0100.   We  have  produced  corrective
     maintenance  to  address  these  vulnerabilities,  which  is in the
     process  of publication for all applicable releases / platforms and
     will  be  offered  through the CA Support site.  Please contact our
     Technical    Support   organization   for   information   regarding
     availability / applicability for your specific configuration(s).
    

    COMTEK Services, Inc.

     NMServer  for  AS/400  is  not  an SNMP master and is therefore not
     vulnerable.  However  this  product  requires the use of the AS/400
     SNMP  master  agent  supplied  by  IBM.
    
     NMServer   for  OpenVMS  has  been  tested  and  has  shown  to  be
     vulnerable.  COMTEK  Services  is  preparing  a new release of this
     product  (version  3.5)  which will contain a fix for this problem. 
     This  new  release  is  scheduled to be available in February 2002. 
     Contact COMTEK Services for further information.
    
     NMServer  for VOS has not as yet been tested; vulnerability of this
     agent  is  unknown.  Contact for further information on the testing
     schedule of the VOS product.
    

    Covalent Technologies

     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
     and  Conductor  SNMP module are not vulnerable according to testing
     performed   in   accordance  with  CERT  recommendations.  Security
     information for Covalent products can be found at www.covalent.net
    

    Dartware, LLC

     Dartware,  LLC  (www.dartware.com)  supplies  two products that use
     SNMPv1  in  a  manager  role,  InterMapper  and SNMP Watcher.  This statement applies to all present
     and past versions of these two software packages.
    

    DMH Software

     DMH  Software  is  in  the  process of evaluating and attempting to
     reproduce this behavior. 
     It  is  unclear at this point if our snmp-agent is sensitive to the
     tests described above. 
     If  any  problems  will  be  discovered,  DMH  Software will code a
     software fix. 
     The  release of DMH Software OS correcting the behavior outlined in
     VU#854306, VU#107186, and OUSPG#0100 will be generally available to
     all of DMH Software's customers as soon as possible.
    

    EnGarde Secure Linux

     EnGarde  Secure  Linux  did  not  ship any SNMP packages in version
     1.0.1 of our distribution, so we are not vulnerable to either bug.
    

    FreeBSD

     FreeBSD  does  not  include any SNMP software by default, and so is
     not vulnerable.  However, the FreeBSD Ports Collection contains the
     UCD-SNMP   /   NET-SNMP   package.    Package   versions  prior  to
     ucd-snmp-4.2.3  are  vulnerable.   The upcoming FreeBSD 4.5 release
     will  ship  the  corrected  version  of  the  UCD-SNMP  /  NET-SNMP
     package.   In  addition,  the  corrected version of the packages is
     available from the FreeBSD mirrors.
    
     FreeBSD   has   issued  the  following  FreeBSD  Security  Advisory
     regarding the UCD-SNMP / NET-SNMP package:
     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.snmp.asc.
    

    Hewlett-Packard Company

     SUMMARY - known vulnerable:
     ========================================
     hp procurve switch 2524
     NNM  (Network Node Manager)
     JetDirect Firmware (Older versions only)
     HP-UX Systems running snmpd or OPENVIEW
     MC/ServiceGuard
     EMS
     Still under investigation:
     SNMP/iX (MPE/iX)
     ========================================
     _________________________________________________________
     ---------------------------------------------------------
     hp procurve switch 2524 
     ---------------------------------------------------------
     hp procurve switch 2525 (product J4813A) is vulnerable to some
     issues, patches in process. Watch for the associated HP
     Security Bulletin. 
     ---------------------------------------------------------
     NNM  (Network Node Manager)
     ---------------------------------------------------------
     Some problems were found in NNM product were related to
     trap handling. Patches in process. Watch for the
     associated HP Security Bulletin. 
     ---------------------------------------------------------
     JetDirect Firmware (Older versions only)
     ---------------------------------------------------------
     ONLY some older versions of JetDirect Firmware are
     vulnerable to some of the issues.  The older firmware
     can be upgraded in most cases, see list below. 
     JetDirect Firmware Version    State
     ==========================    =====
        X.08.32 and higher     NOT Vulnerable
        X.21.00 and higher     NOT Vulnerable
     JetDirect Product Numbers that can be freely
     upgraded to X.08.32 or X.21.00 or higher firmware. 
     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
     J3110A 10T
     J3111A 10T/10B2/LocalTalk
     J3112A Token Ring (discontinued)
     J3113A 10/100 (discontinued)
     J4169A 10/100
     J4167A Token Ring
     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
     J2550A/B 10T (discontinued)
     J2552A/B 10T/10Base2/LocalTalk (discontinued)
     J2555A/B Token Ring (discontinued)
     J4100A 10/100
     J4105A Token Ring
     J4106A 10T
     External Print Servers
     J2591A EX+ (discontinued)
     J2593A EX+3 10T/10B2 (discontinued)
     J2594A EX+3 Token Ring (discontinued)
     J3263A 300X 10/100
     J3264A 500X Token Ring
     J3265A 500X 10/100
     ----------------------------------------------------------
     HP-UX Systems running snmpd or OPENVIEW
     ----------------------------------------------------------
     The following patches are available now:
       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch
       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated Patch
     All three patches are available from:
     http://support.openview.hp.com/cpe/patches/
     In addition PHSS_26137 and PHSS_26138 will soon be available from:
     http://itrc.hp.com
     ================================================================
     NOTE: The patches are labeled OV(Open View). However, the patches
     are also applicable to systems that are not running Open View. 
     =================================================================
     Any   HP-UX  10.X  or  11.X  system  running  snmpd  or  snmpdm  is
     vulnerable. 
     To determine if your HP-UX system has snmpd or snmpdm installed:
       swlist -l file | grep snmpd
     If a patch is not available for your platform or you cannot install
     an  available  patch,  snmpd and snmpdm can be disabled by removing
     their entries from /etc/services and removing the execute
     permissions from /usr/sbin/snmpd and /usr/sbin/snmpdm.
     ----------------------------------------------------------------
     Investigation completed, systems vulnerable. 
     ----------------------------------------------------------------
     MC/ServiceGuard
     Event Monitoring System  (EMS)
     ----------------------------------------------------------------
       Still under investigation:
     ----------------------------------------------------------------
     SNMP/iX (MPE/iX)
    

    Hirschmann Electronics GmbH & Co. KG

     Hirschmann  Electronics  GmbH  &  Co.  KG supplies a broad range of
     networking  products,  some  of  which  are  affected  by  the SNMP
     vulnerabilities  identified by CERT Coordination Center. Hirschmann customers may contact our Competence
     Center (phone +49-7127-14-1538, email:
     ans-support@nt.hirschmann.de)     for    additional    information,
     especially  regarding  availability  of  latest  firmware  releases
     addressing the SNMP vulnerabilities.
    

    IBM Corporation

     Based  upon  the  results  of  running  the  test  suites  we  have
     determined  that  our  version  of  SNMP  shipped  with  AIX is NOT
     vulnerable.
    

    Innerdive Solutions, LLC

     Innerdive Solutions, LLC has two SNMP based products:
     1. The "SNMP MIB Scout"
     (http://www.innerdive.com/products/mibscout/)
     2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
     The "SNMP MIB Scout" is not vulnerable to either bug. 
     The "Router IP Console" releases prior to 3.3.0.407 are vulnerable. 
     The release of "Router IP Console" correcting the behavior outlined
     in  OUSPG#0100  is  3.3.0.407 and is already available on our site. 
     Also,  we  will  notify all our customers about this new release no
     later than March 5, 2002.
    

    Juniper Networks

     This  is  in reference to your notification regarding CAN-2002-0012
     and  CAN-2002-0013.   Juniper Networks has reproduced this behavior
     and coded a software fix.  The fix will be included in all releases
     of  JUNOS Internet software built after January 5, 2002.  Customers
     with  current  support contracts can download new software with the
     fix from Juniper's web site at www.juniper.net. 
     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
     only  be  reproduced  in JUNOS Internet software if certain tracing
     options  are  enabled.   These options are generally not enabled in
     production routers.
    

    Lantronix, Inc.

     Lantronix  is  committed  to  resolving  security  issues  with our
     products.  The SNMP security bug you reported has been fixed in LRS
     firmware version B1.3/611(020123).
    

    Lotus Development Corporation

     Lotus    Software   evaluated   the   Lotus   Domino   Server   for
     vulnerabilities using the test suite materials provided by OUSPG. 
     This  problem  does  not affect default installations of the Domino
     Server.   However,  SNMP  agents  can  be  installed from the CD to
     provide  SNMP  services for the Domino Server (these are located in
     the   /apps/sysmgmt/agents   directory).    The  optional  platform
     specific  master  and  encapsulator  agents included with the Lotus
     Domino  SNMP  Agents  for  HP-UX  and Solaris have been found to be
     vulnerable.  For  those  platforms,  customers  should  upgrade  to
     version  R5.0.1  a  of  the Lotus Domino SNMP Agents, available for
     download  from the Lotus Knowledge Base on the IBM Support Web Site
     (http://www.ibm.com/software/lotus/support/).   Please   refer   to
     Document  #191059,  "Lotus Domino SNMP Agents R5.0.1a", also in the
     Lotus Knowledge Base, for more details.
    

    LOGEC Systems Inc

     The  products  from  LOGEC  Systems are exposed to SNMP only via HP
     OpenView.  We  do  not have an implementation of SNMP ourselves. As
     such,  there is nothing in our products that would be an issue with
     this alert.
    

    Lucent

     Lucent is aware of reports that there is a vulnerability in certain
     implementations  of  the  SNMP (Simple Network Management Protocol)
     code  that  is  used in data switches and other hardware throughout
     the telecom industry. 
     As soon as we were notified by CERT, we began assessing our product
     portfolio  and  notifying  customers  with  products  that might be
     affected. 
     Our  5ESS  switch  and  most  of  our  optical  portfolio  were not
     affected.   Our  core  and  edge  ATM switches and most of our edge
     access  products  are  affected, but we have developed, tested, and
     deployed  fixes for many of those products to our customers. 
     We consider the security and reliability of our customers' networks
     to  be  one  of  our  critical  measures  of success. We take every
     reasonable measure to ensure their satisfaction. 
     In  addition,  we  are  working  with  customers on ways to further
     enhance the security they have in place today.
    

    Marconi

     Marconi  supplies  a  broad range of telecommunications and related
     products,  some  of  which are affected by the SNMP vulnerabilities
     identified  here. Those
     Marconi   customers   with  support  entitlement  may  contact  the
     appropriate   Technical  Assistance  Center  (TAC)  for  additional
     information.  Those not under support entitlement may contact their
     sales representative.
    

    Microsoft Corporation

     The  Microsoft  Security Reponse [sic] Center has investigated this
     issue, and provides the following information.  The  SNMP v1 service is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the  vulnerability.  In  the  meantime,  we recommend that affected
     customers disable the SNMP v1 service.
    
     Details:
     An  SNMP  v1 service ships on the CDs for Windows 95, 98, and 98SE. 
     It  is  not  installed  or  running  by  default  on  any  of these
     platforms.  An SNMP v1 is NOT provided for Windows ME.  However, it
     is  possible  that  Windows  98  machines  which  had  the  service
     installed  and  were  upgraded would still have the service.  Since
     SNMP  is  not  supported for WinME, customers in this situation are
     urged to remove the SNMP service. 
     An  SNMP  v1  service  is  available  on  Windows NT 4.0 (including
     Terminal  Server  Edition) and Windows 2000 but is not installed or
     running  by  default  on any of these platforms. Windows XP does not
     ship with an SNMP v1 service.
    
     Remediation:
     A  patch  is  underway  for  the  affected  platforms,  and will be
     released  shortly.  In  the  meantime,  Microsoft  recommends  that
     customers  who  have  the  SNMP  v1  service  running disable it to
     protect their systems. Following are instructions for doing this:
    
     Windows 95, 98 and 98SE:
     1. In Control Panel, double-click Network. 
     2. On  the  Configuration  tab,  select Microsoft SNMP Agent from the
        list of installed components. 
     3. Click Remove
    
     Check the following keys and confirm that snmp.exe is not listed. 
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    
     For Windows XP:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    
     For Windows NT 4.0 (including Terminal Server Edition):
     1. Select Start, then Settings. 
     2. Select Control Panel, then click on the Services Icon
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click OK to close the dialoge [sic], then close Control Panel
    
     Windows 2000:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    

    Multinet

     MultiNet  and  TCPware customers should contact Process Software to
     check  for  the availability of patches for this issue. A couple of
     minor  problems were found and fixed, but there is no security risk
     related to the SNMP code included with either product.
    

    Netaphor

     NETAPHOR  SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
     Manager  Toolkit  and Cyberons for Java -- NMS Application Toolkit,
     two   Java  based  products  that  may  be  affected  by  the  SNMP
     vulnerabilities  identified  here.  The  manner  in  which they are
     affected  and the actions required (if any) to avoid being impacted
     by  exploitation  of  these  vulnerabilities,  may  be  obtained by
     contacting  Netaphor  via email at info@netaphor.com Customers with
     annual support may contact support@netaphor.com directly. Those not
     under    support    entitlement   may   contact   Netaphor   sales:
     sales@netaphor.com or (949) 470 7955 in USA.
    

    NetBSD

     NetBSD does not ship with any SNMP tools in our 'base' releases. We
     do  provide  optional  packages  which  provide various support for
     SNMP.  These  packages  are  not installed by default, nor are they
     currently  provided  as  an  install option by the operating system
     installation tools. A system administrator/end-user has to manually
     install this with our package management tools. These SNMP packages
     include:
          + netsaint-plugin-snmp-1.2.8.4  (SNMP  monitoring  plug-in  for
            netsaint)
          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
          + p5-SNMP-3.1.0  (Perl5  module for interfacing to the UCD SNMP
            library)
          + p5-SNMP_Session-0.83   (perl5  module  providing  rudimentary
            access to remote SNMP agents)
          + ucd-snmp-4.2.1  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.1.2)
          + ucd-snmp-4.1.2  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.2.1)
    
     We    do   provide   a   software   monitoring   mechanism   called
     'audit-packages',  which allows us to highlight if a package with a
     range  of  versions  has  a potential vulnerability, and recommends
     that the end-user upgrade the packages in question.
    

    Netscape Communications Corporation

     Netscape  continues  to be committed to maintaining a high level of
     quality  in  our  software  and  service  offerings.  Part  of this
     commitment  includes  prompt response to security issues discovered
     by organizations such as the CERT Coordination Center. 
     According  to a recent CERT/CC advisory, The Oulu University Secure
     Programming  Group (OUSPG) has reported numerous vulnerabilities in
     multiple  vendor  SNMPv1 implementations. 
     We  have  carefully  examined the reported findings, performing the
     tests  suggested  by the OUSPG to determine whether Netscape server
     products  were  subject to these vulnerabilities. It was determined
     that several products fell into this category. As a result, we have
     created  fixes  which will resolve the issues, and these fixes will
     appear  in  future  releases  of  our  product  line. To Netscape's
     knowledge,  there  are  no known instances of these vulnerabilities
     being exploited and no customers have been affected to date. 
     When such security warnings are issued, Netscape has committed to -
     and will continue to commit to - resolving these issues in a prompt
     and timely fashion, ensuring that our customers receive products of
     the highest quality and security.
    

    NET-SNMP

     All  ucd-snmp  versions  prior  to  4.2.2  are  susceptible  to this
     vulnerability  and  users  of  versions  prior to version 4.2.2 are
     encouraged   to   upgrade   their  software  as  soon  as  possible
     (http://www.net-snmp.org/download/).  Version  4.2.2 and higher are
     not susceptible.
    

    Network Associates

     PGP is not affected, impacted, or otherwise related to this VU#.
    

    Network Computing Technologies

     Network   Computing   Technologies  has  reviewed  the  information
     regarding  SNMP  vulnerabilities and is currently investigating the
     impact to our products.
    

    Nokia

     This  vulnerability  is  known  to affect IPSO versions 3.1.3, 3.3,
     3.3.1,  3.4,  and  3.4.1.   Patches  are  currently  available  for
     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia
     website.   In  addition,  version  3.4.2  shipped  with  the  patch
     incorporated,  and the necessary fix will be included in all future
     releases of IPSO. 
     We  recommend customers install the patch immediately or follow the
     recommended precautions below to avoid any potential exploit. 
     If you are not using SNMP services, including Traps, simply disable
     the   SNMP   daemon   to   completely   eliminate   the   potential
     vulnerability. 
     If   you  are  using  only  SNMP  Traps  and  running  Check  Point
     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP
     messages on all appropriate interfaces. Traps will continue to work
     normally.
    

    Nortel Networks

     The  CERT Coordination Center has issued a broad based alert to the
     technology industry, including Nortel Networks, regarding potential
     security   vulnerabilities   identified   in   the  Simple  Network
     Management  Protocol  (SNMP),  a  common  networking  standard. The
     company   is   working   with  CERT  and  other  network  equipment
     manufacturers, the U.S. Government, service providers, and software
     suppliers to assess and address this issue.
    

    Novell

     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on
     NetWare  are  fixed and will be available through NetWare 6 Support
     Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
     http://support.novell.com/tools/csp/
    

    OpenBSD

     OpenBSD does not ship SNMP code.
    

    Qualcomm

     WorldMail  does  not  support SNMP by default, so customers who run
     unmodified installations are not vulnerable.
    

    Redback Networks, Inc.

     Redback  Networks,  Inc.  has  identified that the vulnerability in
     question  affects  certain versions of AOS software on the SMS 500,
     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate
     steps necessary to correct the issue.
    

    Red Hat

     RedHat has released a security advisiory [sic] at
     http://www.redhat.com/support/errata/RHSA-2001-163.html
     with  updated  versions  of  the ucd-snmp package for all supported
     releases and architectures. For more information or to download the
     update please visit this page.
    

    SGI

     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is
     currently  investigating. 
     For  the  protection  of  all our customers, SGI does not disclose,
     discuss  or  confirm vulnerabilities until a full investigation has
     occurred  and  any  necessary  patch(es)  or  release  streams  are
     available  for all vulnerable and supported IRIX operating systems. 
     Until SGI has more definitive information to provide, customers are
     encouraged  to  assume  all security vulnerabilities as exploitable
     and  take  appropriate  steps  according  to  local  site  security
     policies   and   requirements.   As   further  information  becomes
     available,  additional advisories will be issued via the normal SGI
     security  information  distribution  methods  including the wiretap
     mailing list on http://www.sgi.com/support/security/.
    

    SNMP Research International

     SNMP  Research  has  made  the following vendor statement. They are
     likely  to  revise  and  expand  the  statement as the date for the
     public vulnerability announcement draws nearer.   Users  maintaining
     earlier  releases should update to the current release if they have
     not  already  done  so. Other Stonesoft's products are
     still   under   investigation.
    
     Sun's  SNMP  product,  Solstice  Enterprise Agents (SEA), described
     here:
     http://www.sun.com/solstice/products/ent.agents/
     is  affected  by VU#854306 but not VU#107186. More specifically the
     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. 
     Sun  is  currently  generating  patches  for this issue and will be
     releasing  a  Sun Security Bulletin once the patches are available. 
     The bulletin will be available from:
     http://sunsolve.sun.com/security.  Sun  patches are available from:
     http://sunsolve.sun.com/securitypatch.
    

    Symantec Corporation

     Symantec Corporation has investigated the SNMP issues identified by
     the  OUSPG test suite and determined that Symantec products are not
     susceptable [sic] to these issues.
    

    TANDBERG

     Tandberg  have  run  all  the  testcases found the PROTOS test-suie
     [sic], c06snmpv1:
     1. c06-snmpv1-trap-enc-pr1.jar
     2. c06-snmpv1-treq-app-pr1.jar
     3. c06-snmpv1-trap-enc-pr1.jar
     4. c06-snmpv1-req-app-pr1.jar
     The  tests  were  run with standard delay time between the requests
     (100ms),  but  also  with  a delay of 1ms. The tests applies to all
     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The
     software  tested  on these products were B4.0 (our latest software)
     and no problems were found when running the test suite.
    

    Appendix B. - References

      1. http://www.ee.oulu.fi/research/ouspg/protos/
      2. http://www.kb.cert.org/vuls/id/854306
      3. http://www.kb.cert.org/vuls/id/107186
      4. http://www.cert.org/tech_tips/denial_of_service.html
      5. http://www.ietf.org/rfc/rfc1067.txt
      6. http://www.ietf.org/rfc/rfc1089.txt
      7. http://www.ietf.org/rfc/rfc1140.txt
      8. http://www.ietf.org/rfc/rfc1155.txt
      9. http://www.ietf.org/rfc/rfc1156.txt
     10. http://www.ietf.org/rfc/rfc1215.txt
     11. http://www.ietf.org/rfc/rfc1270.txt
     12. http://www.ietf.org/rfc/rfc1352.txt

    Appendix C. - Background Information

     Background Information on the OUSPG
    
       OUSPG  is an academic research group located at Oulu University in
       Finland.  The  purpose  of this research group is to test software
       for vulnerabilities. 
       History  has  shown  that  the  techniques  used by the OUSPG have
       discovered a large number of previously undetected problems in the
       products  and  protocols  they  have  tested.  In  2001, the OUSPG
       produced a comprehensive test suite for evaluating implementations
       of  the  Lightweight  Directory  Access Protocol (LDAP). This test
       suite  was  developed with the strategy of abusing the protocol in
       unsupported  and  unexpected  ways,  and  it was very effective in
       uncovering  a  wide  variety  of  vulnerabilities  across  several
       products.  This approach can reveal vulnerabilities that would not
       manifest themselves under normal conditions. 
       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to
       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began
       testing   a   selection   of  products,  and  found  a  number  of
       vulnerabilities.  Because  OUSPG's  work  on  LDAP  was similar in
       procedure  to its current work on SNMP, you may wish to review the
       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined
       results of application of the test suite. 
       In order to test the security of protocols like SNMPv1, the PROTOS
       project  presents  a  server with a wide variety of sample packets
       containing  unexpected  values  or  illegally formatted data. As a
       member of the PROTOS project consortium, the OUSPG used the PROTOS
       c06-snmpv1  test  suite  to  study  several implementations of the
       SNMPv1  protocol. Software and
       firmware products designed for networks often make use of the SNMP
       protocol.  SNMP  runs  on  a  multitude  of  devices and operating
       systems, including, but not limited to,
          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and
            Wireless Network Access Points)
          + Operating Systems
          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL
            Modems)
          + Consumer Electronic Devices (Cameras and Image Scanners)
          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX
            Machines)
          + Network and Systems Management/Diagnostic Frameworks (Network
            Sniffers and Network Analyzers)
          + Uninterruptible Power Supplies (UPS)
          + Networked Medical Equipment (Imaging Units and Oscilloscopes)
          + Manufacturing and Processing Equipment
       The  SNMP  protocol  is  formally defined in RFC1157. Quoting from
       that RFC:
    
                Implicit  in the SNMP architectural model is a collection
                of  network  management  stations  and  network elements. 
                Network    management    stations    execute   management
                applications  which monitor and control network elements. 
                Network  elements  are  devices  such as hosts, gateways,
                terminal  servers,  and  the  like, which have management
                agents  responsible for performing the network management
                functions  requested  by the network management stations.
    
       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC
       documents:
          + RFC 3000 Internet Official Protocol Standards
          + RFC 1212 Concise MIB Definitions
          + RFC  1213  Management Information Base for Network Management
            of TCP/IP-based Internets: MIB-II
          + RFC  1215  A  Convention  for Defining Traps for use with the
            SNMP
          + RFC 1270 SNMP Communications Services
          + RFC  2570  Introduction to Version 3 of the Internet-standard
            Network Management Framework
          + RFC  2571  An  Architecture  for  Describing  SNMP Management
            Frameworks
          + RFC  2572  Message  Processing and Dispatching for the Simple
            Network Management Protocol (SNMP)
          + RFC 2573 SNMP Applications
          + RFC 2574 User-based Security Model (USM) for version 3 of the
            Simple Network Management Protocol (SNMPv3)
          + RFC  2575  View-based  Access  Control  Model  (VACM) for the
            Simple Network Management Protocol (SNMP)
          + RFC  2576  Coexistence  between  Version  1,  Version  2, and
            Version   3   of  the  Internet-standard  Network  Management
            Framework
         _____________________________________________________________
    
       The  CERT  Coordination  Center  thanks the Oulu University Secure
       Programming  Group  for reporting these vulnerabilities to us, for
       providing  detailed  technical  analyses,  and for assisting us in
       preparing  this  advisory.  We also thank Steven M. Bellovin (AT&T
       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),
       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who
       contributed to this document. 
         _____________________________________________________________
    
       Feedback  on  this document can be directed to the authors, Ian A. 
       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. 
       Householder, Marty Lindner, and Art Manion. 
       __________________________________________________________________
    
       This document is available from:
       http://www.cert.org/advisories/CA-2002-03.html
       __________________________________________________________________
    
       CERT/CC Contact Information
    
        Email: cert@cert.org
        Phone: +1 412-268-7090 (24-hour hotline)
        Fax: +1 412-268-6989
        Postal address:
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        U.S.A.
    
       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /
       EDT(GMT-4) Monday through Friday; they are on call for emergencies
       during other hours, on U.S. holidays, and on weekends.
    
       Using encryption
       We  strongly  urge  you  to  encrypt sensitive information sent by
       email. Our public PGP key is available from
        http://www.cert.org/CERT_PGP.key
       If  you  prefer  to use DES, please call the CERT hotline for more
       information.
    
       Getting  security information
       CERT publications and other security information are available
       from our web site
        http://www.cert.org/
       To   subscribe  to  the  CERT  mailing  list  for  advisories  and
       bulletins, send email to majordomo@cert.org. Please include in the
       body of your message
    
         subscribe cert-advisory
    
       * "CERT" and "CERT Coordination Center" are registered in the U.S. 
       Patent and Trademark Office. 
       __________________________________________________________________
    
       NO WARRANTY
       Any  material  furnished  by  Carnegie  Mellon  University and the
       Software  Engineering  Institute is furnished on an "as is" basis. 
       Carnegie Mellon University makes no warranties of any kind, either
       expressed  or  implied as to any matter including, but not limited
       to,   warranty   of   fitness   for   a   particular   purpose  or
       merchantability,  exclusivity  or results obtained from use of the
       material. Carnegie Mellon University does not make any warranty of
       any  kind  with  respect  to  freedom  from  patent, trademark, or
       copyright infringement. 
         _____________________________________________________________
    
       Conditions for use, disclaimers, and sponsorship information
       Copyright 2002 Carnegie Mellon University.
    

    Revision History

       February 12, 2002: Initial release
    


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200202-0007",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ios 12.0",
            "scope": "ne",
            "trust": 5.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1",
            "scope": "ne",
            "trust": 3.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "3com",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "american power conversion",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "aprisma",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bea",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bmc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cnt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "comtek services",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cscare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "carrier access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "compaq computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "computer associates",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "concord",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dart",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "digital",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "entrada",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "equinox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "fluke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "general datacomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hirschmann",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "iplanet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "itouch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "infovista",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "inktomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "innerdive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ipswitch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "karlnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lantronix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "larscom incorporated",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mg soft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "marconi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mercury interactive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "metrobility optical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "micromuse",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "monfox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "multinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net snmp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network harmoni",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nbase xyplex",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscout",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netsilicon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network appliance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "novell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "openwave",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "optical access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "perle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "powerware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "radware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "redback",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "riverstone",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "snmp research",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sniffer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonicwall",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "the sco group sco unix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "tivoli",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "toshiba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "unisphere",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vertical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vina",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "wind river",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "world wide packets",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "e security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net com",
            "version": null
          },
          {
            "model": "ios 12.2",
            "scope": "ne",
            "trust": 1.5,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "cisco",
            "version": "30002.5.2"
          },
          {
            "model": "ios 12.0 xe",
            "scope": null,
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 dc2",
            "scope": "ne",
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "model": "snmp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "snmp",
            "version": "*"
          },
          {
            "model": "windows 98se",
            "scope": null,
            "trust": 0.9,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "ios 12.0 s6",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nudesign team",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "outback resource group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "veritas",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bintec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "interniche",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ncipher corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netscreen",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "2.6 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (x86)"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.00"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.10"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.00"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.24"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.04"
          },
          {
            "model": "windows 2000",
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "98 scd"
          },
          {
            "model": "windows 9x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "me"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (server)"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (terminal_srv)"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0 (workstation)"
          },
          {
            "model": "windows xp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "sp3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "6.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.2"
          },
          {
            "model": "windows xp gold",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "model": "windows nt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "5.0"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "4.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "3.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "2.1"
          },
          {
            "model": "ios 12.0 s7",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bx",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 xe?",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.1"
          },
          {
            "model": "ios 12.0 s1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 wc1",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xu",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e3",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.0.3"
          },
          {
            "model": "ios 12.1 ex",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "snmp",
            "scope": null,
            "trust": 0.6,
            "vendor": "snmp",
            "version": null
          },
          {
            "model": "sunnet manager sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.3"
          },
          {
            "model": "sunnet manager intel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.3"
          },
          {
            "model": "sunmc rr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0"
          },
          {
            "model": "sunmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0"
          },
          {
            "model": "sunmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.1.1"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.5"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.4"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.3"
          },
          {
            "model": "research mid-level manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "research enterpol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "research dr-web manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "emulex 1gbit fibrechannel hub",
            "scope": null,
            "trust": 0.3,
            "vendor": "sgi",
            "version": null
          },
          {
            "model": "brocade",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6.0"
          },
          {
            "model": "networks aos",
            "scope": null,
            "trust": 0.3,
            "vendor": "redback",
            "version": null
          },
          {
            "model": "realplayer intranet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "realnetworks",
            "version": "5.0"
          },
          {
            "model": "software tcpware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "5.5"
          },
          {
            "model": "software multinet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "4.4"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.5"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.0"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.1"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.0"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.11"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.2"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.0"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4.1"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.3.1"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.3"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.1.3"
          },
          {
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.2.1"
          },
          {
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.1.1"
          },
          {
            "model": "windows xp professional",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows xp home",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows nt workstation sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "model": "windows terminal services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows terminal services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows terminal services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "domino snmp agents solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1x86"
          },
          {
            "model": "domino snmp agents solaris sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "model": "domino snmp agents hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "model": "lrs",
            "scope": null,
            "trust": 0.3,
            "vendor": "lantronix",
            "version": null
          },
          {
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "5.1"
          },
          {
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "5.0"
          },
          {
            "model": "solutions router ip console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.406"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.3"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.2"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1"
          },
          {
            "model": "secure os software for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.0"
          },
          {
            "model": "procurve switch 8000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4108gl-bundle",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4108gl",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2525"
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2524"
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2512"
          },
          {
            "model": "procurve switch 2424m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 2400m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 1600m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ov/sam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.10"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.211.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.210.x"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.111.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.110.x"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "openview network node manager nt 4.x/windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.02000"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.011.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.010.20"
          },
          {
            "model": "openview network node manager windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0.23.51/4.0"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "model": "openview extensible snmp agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "model": "openview emanate snmp agent solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.22.x"
          },
          {
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.211.x"
          },
          {
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.210.20"
          },
          {
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.03"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "model": "mc/serviceguard",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.20.00"
          },
          {
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.00"
          },
          {
            "model": "ito/vpo/ovo unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.04"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.24"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.10"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "model": "ems a.03.20",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ems a.03.10",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ems a.03.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "gzip",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gnu",
            "version": "3.1.02"
          },
          {
            "model": "services nmserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "comtek",
            "version": "3.4"
          },
          {
            "model": "associates unicenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "computer",
            "version": null
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.1"
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.0"
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7"
          },
          {
            "model": "openunix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "8.0"
          },
          {
            "model": "openserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "5.0.6"
          },
          {
            "model": "openserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "5.0.5"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.14"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.13"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.12"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.11"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.21"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.19"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.18"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.17"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.16"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.15"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.14"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.13"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.12"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.11"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.20"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.10"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.09"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.08"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.07"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.06"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.05"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.04"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.03"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.02"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1"
          },
          {
            "model": "cacheos",
            "scope": null,
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "model": "web nms msp edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "web nms",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "snmp utilities",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "snmp api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "mediation server",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "management builder",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "fault management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "configuration management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "cli api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "agent toolkit java/jmx edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "agent toolkit c edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3000"
          },
          {
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1000"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4900"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4400"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3300"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1100"
          },
          {
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "50"
          },
          {
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "40"
          },
          {
            "model": "dual speed hub",
            "scope": null,
            "trust": 0.3,
            "vendor": "3com",
            "version": null
          },
          {
            "model": "brocade .0d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6"
          },
          {
            "model": "ipso",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4.2"
          },
          {
            "model": "ucd-snmp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.2.2"
          },
          {
            "model": "solutions router ip console",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.407"
          },
          {
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.21.00"
          },
          {
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.32"
          },
          {
            "model": "ios 12.0 wc 2900xl-lre",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4700"
          },
          {
            "model": "ios 12.2 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7"
          },
          {
            "model": "as5850",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1000"
          },
          {
            "model": "ios 12.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ca1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.2"
          },
          {
            "model": "ios 12.0s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1(4.206)"
          },
          {
            "model": "netranger sensor",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yc2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "as5200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vg248 analog phone gateway",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2gs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7750"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(8)"
          },
          {
            "model": "ios 12.0 wt6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5.1"
          },
          {
            "model": "traffic director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "ios 12.1 e5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3"
          },
          {
            "model": "ios 12.0 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ya2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5300",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30002.0"
          },
          {
            "model": "cbos b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 11.1 cc4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 4840g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 aa4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.2"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "39203.0(7)"
          },
          {
            "model": "secure ids network sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ios 12.2 mx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7100"
          },
          {
            "model": "cva120",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst native mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "560"
          },
          {
            "model": "ios 12.1 ea1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2sa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1005"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.015"
          },
          {
            "model": "ios 12.2 mx1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1.200)"
          },
          {
            "model": "bpx/igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12000"
          },
          {
            "model": "content distribution manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4670"
          },
          {
            "model": "ap340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10700"
          },
          {
            "model": "css11000 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.1"
          },
          {
            "model": "ios 12.1 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "distributed director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2501"
          },
          {
            "model": "ios 12.1ec",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(1)"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "model": "ios 12.1 yi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 2948g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6"
          },
          {
            "model": "ios 12.1 ew",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(7.202)"
          },
          {
            "model": "ios 12.2 xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "local director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2bx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv5"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232"
          },
          {
            "model": "ios 12.1 ec",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "user registration tool vlan policy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(1)"
          },
          {
            "model": "ios 11.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8240",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2dd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0st",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7010"
          },
          {
            "model": "unity server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst hybrid mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ios 12.0 wc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1)"
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "snmpc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0.4"
          },
          {
            "model": "ios 12.0 st5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ios 12.0 sl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst network analysis module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.2"
          },
          {
            "model": "ios 12.2t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 db2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.10"
          },
          {
            "model": "ios 12.1 ey",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "ios 12.0 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ios 12.2s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.10"
          },
          {
            "model": "catalyst msm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "nsp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.1 yd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "info center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "ios 12.0 wx5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 yc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "arrowpoint cs11000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "secure ids host sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2950"
          },
          {
            "model": "ios 11.1 ct",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr7200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xw",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.3"
          },
          {
            "model": "ios 12.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ia",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv4"
          },
          {
            "model": "ios 12.1 t12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microswitch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1548"
          },
          {
            "model": "ios 12.1 e12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 sx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.0 st",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8510csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xs1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "bpx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xz7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2920"
          },
          {
            "model": "ios 12.1 ea1b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2p",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2600"
          },
          {
            "model": "as5800",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1700"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "507"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7000"
          },
          {
            "model": "ios 12.1 e7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5.1"
          },
          {
            "model": "ios 12.2 t1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1(2)"
          },
          {
            "model": "ios 12.2 xa5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.1"
          },
          {
            "model": "ios 12.1 ew1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ca",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.053"
          },
          {
            "model": "catalyst 2948g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "ios 12.2 mb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(2)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ios 12.2 t0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.7"
          },
          {
            "model": "ios 12.0 wc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ap350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sl6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5400",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0sp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3500"
          },
          {
            "model": "ios 12.0 wc2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1400"
          },
          {
            "model": "ios 12.1 yb5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xn1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.1"
          },
          {
            "model": "ios 12.1 e6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(3)"
          },
          {
            "model": "bts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10200"
          },
          {
            "model": "ios 12.0 sx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.8"
          },
          {
            "model": "ubr900",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(2)"
          },
          {
            "model": "ios 12.2 xb4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 t2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xg",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(7)"
          },
          {
            "model": "ios 12.1 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 sa6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "sc2200/vsc3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wan manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "infocenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(5)"
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "570"
          },
          {
            "model": "call manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 bc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ex",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8260",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(6)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.4"
          },
          {
            "model": "ios 12.1 yi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0"
          },
          {
            "model": "ios 12.2 xj1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bc1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 12.1 xm7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4430"
          },
          {
            "model": "catalyst supervisor module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ap352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7600"
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "ios 12.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0(7)xv"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(3.210)"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(13)"
          },
          {
            "model": "ios 12.2da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "505"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0.1"
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "netranger",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ex3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.0sl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "br350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5000"
          },
          {
            "model": "ios 12.2 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4650"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0"
          },
          {
            "model": "ios 12.0 st3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4500"
          },
          {
            "model": "ios 12.2 xw1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 da3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "ons metro edge optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15327"
          },
          {
            "model": "ios 12.2 xk",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microhub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1500"
          },
          {
            "model": "ios 12.2 t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "ios 12.0sc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232-13"
          },
          {
            "model": "ios 11.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "mgx-8220",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "element management framework",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3600"
          },
          {
            "model": "catalyst 4908g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wgb340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ciscoworks windows/wug",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(5)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios 12.0 s2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 gs6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.11"
          },
          {
            "model": "ios 12.0 xf1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "rsfc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "ios 12.1 ec1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 ia",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ws-x6624",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yd6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5"
          },
          {
            "model": "ios 11.1 ca2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "secure pix firewall",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7500"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3200"
          },
          {
            "model": "ios 12.2 xi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.11"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "wgb352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cat6k nam",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "fasthub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4001.0"
          },
          {
            "model": "ios 12.2 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1"
          },
          {
            "model": "ios 12.1 ea2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2mb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rsm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "nrp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.4"
          },
          {
            "model": "ws-x6608",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1600"
          },
          {
            "model": "ios 12.1 xz",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xs?",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.9"
          },
          {
            "model": "catalyst 8510msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2500"
          },
          {
            "model": "ios 12.2 ya1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "service expansion shelf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 s",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "ios 12.0 xe1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "iad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8110"
          },
          {
            "model": "ios 12.1 ex4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.1 e9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 11.1ct",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3(3)"
          },
          {
            "model": "ios 12.1 xp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7300"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3550"
          },
          {
            "model": "ios 12.1t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ciscoworks windows",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.2 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "esr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10000"
          },
          {
            "model": "ls1010 atm switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 dc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7.002"
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4450"
          },
          {
            "model": "ios 12.1 xi8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3900"
          },
          {
            "model": "ios 11.3 db1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "800"
          },
          {
            "model": "mc3810",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1cc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xj",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7200"
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4630"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(4)"
          },
          {
            "model": "catalyst 4912g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "cbos ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.0dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          },
          {
            "model": "ios 12.2 xl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr10000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(2)"
          },
          {
            "model": "ios 12.2 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ibm:aix",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:vvos",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows-9x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_nt",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-0013",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2002-0013",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2002-0013",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#107186",
                "trust": 0.8,
                "value": "69.26"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#854306",
                "trust": 0.8,
                "value": "42.64"
              },
              {
                "author": "NVD",
                "id": "CVE-2002-0013",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200202-004",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2002-0013",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite.  NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor.  This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP is a protocol used to exchange status and performance information (the MIB, Management Information Base). On the management side, SNMP managers communicate with managed network devices such as routers, switches and printers, which are called agents. Because of its wide acceptance in the market, SNMP has become the standard, and SNMP protocol version 1 (SNMPv1) is the most widely implemented. SNMPv1 implementations have problems in decoding and interpreting SNMP trap messages sent from the agent to the manager and SNMP request messages sent from the manager to the agent. If an attacker exploits this problem, the following actions may be executed. Because this is a protocol problem, many other programs that implement it may also be affected. 
If the SNMP service is running on the target host, an attacker could execute arbitrary code \u30fb If a buffer overflow attack is feasible and the host on which the SNMP service is running receives a very long trap message, the application may go into a denial of service state. The effects described above vary from application to application. For details, refer to each product. Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability.  It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition.  If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations.  The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems.  These depend on the individual vulnerabilities in each affected product.  A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance.  The affected device may reset, or require a manual reset to regain functionality. 
\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n   Original release date: February 12, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n   Products  from  a  very  wide  variety of vendors may be affected. See\n   Vendor Information for details from vendors who have provided feedback\n   for this advisory. \n\n   In  addition to the vendors who provided feedback for this advisory, a\n   list  of  vendors  whom  CERT/CC contacted regarding these problems is\n   available from\n   http://www.kb.cert.org/vuls/id/854306\n   http://www.kb.cert.org/vuls/id/107186 \n\n   Many  other systems making use of SNMP may also be vulnerable but were\n   not specifically tested. \n\n   In addition to this advisory, we also have an FAQ available at\n   http://www.cert.org/tech_tips/snmp_faq.html\n\nI. \n   Version  1  of  the  protocol  (SNMPv1)  defines several types of SNMP\n   messages  that  are  used  to  request  information  or  configuration\n   changes,  respond  to  requests,  enumerate  SNMP  objects,  and  send\n   unsolicited  alerts.  The  Oulu  University  Secure  Programming Group\n   (OUSPG,  http://www.ee.oulu.fi/research/ouspg/)  has reported numerous\n   vulnerabilities in SNMPv1 implementations from many different vendors. \n   More information about SNMP and OUSPG can be found in Appendix C\n\n   OUSPG\u0027s  research  focused  on  the  manner in which SNMPv1 agents and\n   managers  handle  request  and  trap  messages. A trap message\n     may  indicate  a warning or error condition or otherwise notify the\n     manager about the agent\u0027s state. Request\n     messages  might be issued to obtain information from an agent or to\n     instruct  the  agent to configure the host device. 
\n\n   Vulnerabilities  in  the  decoding  and  subsequent processing of SNMP\n   messages  by  both managers and agents may result in denial-of-service\n   conditions,  format string vulnerabilities, and buffer overflows. Some\n   vulnerabilities  do  not  require  the SNMP message to use the correct\n   SNMP community string. \n\n   These   vulnerabilities   have   been  assigned  the  CVE  identifiers\n   CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII. \n\nIII. Solution\n\n   Note  that  many  of  the  mitigation steps recommended below may have\n   significant  impact on your everyday network operations and/or network\n   architecture.  Ensure  that  any  changes  made based on the following\n   recommendations  will  not  unacceptably  affect  your ongoing network\n   operations capability. \n\nApply a patch from your vendor\n\n   Appendix A contains information provided by vendors for this advisory. \n   Please  consult this appendix to determine if you need to contact your\n   vendor directly. \n\nDisable the SNMP service\n\n   As  a  general  rule,  the CERT/CC recommends disabling any service or\n   capability   that   is   not   explicitly  required,  including  SNMP. \n   Unfortunately,  some  of  the  affected  products exhibited unexpected\n   behavior  or  denial  of  service conditions when exposed to the OUSPG\n   test  suite  even  if  SNMP was not enabled. In these cases, disabling\n   SNMP should be used in conjunction with the filtering practices listed\n   below to provide additional protection. \n\nIngress filtering\n\n   As a temporary measure, it may be possible to limit the scope of these\n   vulnerabilities  by  blocking  access  to SNMP services at the network\n   perimeter. \n\n   Ingress  filtering  manages the flow of traffic as it enters a network\n   under  your  administrative  control.  Servers  are typically the only\n   machines that need to accept inbound traffic from the public Internet. 
\n   In  the  network usage policy of many sites, there are few reasons for\n   external hosts to initiate inbound traffic to machines that provide no\n   public  services.  Thus,  ingress filtering should be performed at the\n   border   to   prohibit   externally   initiated   inbound  traffic  to\n   non-authorized  services. For SNMP, ingress filtering of the following\n   ports  can  prevent  attackers  outside of your network from impacting\n   vulnerable  devices  in  the  local  network  that  are not explicitly\n   authorized to provide public SNMP services. \n\n   snmp     161/udp     # Simple Network Management Protocol (SNMP)\n   snmp     162/udp     # SNMP system management messages\n\n   The  following  services  are  less  common,  but  may be used on some\n   affected products\n\n   snmp               161/tcp     #  Simple  Network  Management Protocol\n   (SNMP)\n   snmp               162/tcp     # SNMP system management messages\n   smux               199/tcp     # SNMP Unix Multiplexer\n   smux               199/udp     # SNMP Unix Multiplexer\n   synoptics-relay    391/tcp     # SynOptics SNMP Relay Port\n   synoptics-relay    391/udp     # SynOptics SNMP Relay Port\n   agentx             705/tcp     # AgentX\n   snmp-tcp-port     1993/tcp     # cisco SNMP TCP port\n   snmp-tcp-port     1993/udp     # cisco SNMP TCP port\n\n   As  noted  above, you should carefully consider the impact of blocking\n   services that you may be using. \n\n   It  is  important  to note that in many SNMP implementations, the SNMP\n   daemon may bind to all IP interfaces on the device. This has important\n   consequences  when  considering  appropriate packet filtering measures\n   required  to  protect  an  SNMP-enabled device. 
For example, even if a\n   device  disallows  SNMP  packets  directed  to the IP addresses of its\n   normal  network  interfaces, it may still be possible to exploit these\n   vulnerabilities  on that device through the use of packets directed at\n   the following IP addresses:\n     * \"all-ones\" broadcast address\n     * subnet broadcast address\n     * any  internal  loopback  addresses  (commonly  used in routers for\n       management purposes, not to be confused with the IP stack loopback\n       address 127.0.0.1)\n\n   Careful  consideration  should  be  given  to  addresses  of the types\n   mentioned  above  by  sites  planning  for packet filtering as part of\n   their mitigation strategy for these vulnerabilities. \n\n   Finally,  sites may wish to block access to the following RPC services\n   related to SNMP (listed as name, program ID, alternate names)\n\n   snmp               100122  na.snmp snmp-cmc snmp-synoptics snmp-unisys\n   snmp-utk\n   snmpv2             100138  na.snmpv2     # SNM Version 2.2.2\n   snmpXdmid          100249\n\n   Please  note  that  this workaround may not protect vulnerable devices\n   from internal attacks. \n\nFilter SNMP traffic from non-authorized internal hosts\n\n   In  many networks, only a limited number of network management systems\n   need to originate SNMP request messages. This can reduce, but not wholly eliminate, the\n   risk  from  internal attacks. However, it may have detrimental effects\n   on  network  performance  due  to  the  increased  load imposed by the\n   filtering, so careful consideration is required before implementation. \n   Similar  caveats  to  the  previous workaround regarding broadcast and\n   loopback addresses apply. \n\nChange default community strings\n\n   Most  SNMP-enabled  products  ship  with  default community strings of\n   \"public\"  for read-only access and \"private\" for read-write access. 
As\n   with   any   known  default  access  control  mechanism,  the  CERT/CC\n   recommends  that network administrators change these community strings\n   to  something  of  their  own  choosing.  However, even when community\n   strings  are changed from their defaults, they will still be passed in\n   plaintext and are therefore subject to packet sniffing attacks. SNMPv3\n   offers additional capabilities to ensure authentication and privacy as\n   described in RFC2574. \n\n   Because  many of the vulnerabilities identified in this advisory occur\n   before  the  community  strings are evaluated, it is important to note\n   that  performing  this  step  alone  is not sufficient to mitigate the\n   impact  of  these vulnerabilities. Nonetheless, it should be performed\n   as part of good security practice. \n\nSegregate SNMP traffic onto a separate management network\n\n   In  situations  where  blocking  or  disabling  SNMP  is not possible,\n   exposure  to  these  vulnerabilities may be limited by restricting all\n   SNMP  access  to  separate,  isolated management networks that are not\n   publicly  accessible.  Although  this would ideally involve physically\n   separate networks, that kind of separation is probably not feasible in\n   most environments. Mechanisms such as virtual LANs (VLANs) may be used\n   to  help  segregate  traffic  on  the same physical network. Note that\n   VLANs  may  not  strictly  prevent  an  attacker from exploiting these\n   vulnerabilities,  but  they may make it more difficult to initiate the\n   attacks. \n\n   Another  option  is  for  sites  to  restrict SNMP traffic to separate\n   virtual private networks (VPNs), which employ cryptographically strong\n   authentication. \n\n   Note  that  these  solutions may require extensive changes to a site\u0027s\n   network architecture. \n\nEgress filtering\n\n   Egress  filtering  manages  the flow of traffic as it leaves a network\n   under your administrative control. 
There is typically limited need for\n   machines providing public services to initiate outbound traffic to the\n   Internet.  In  the  case  of  SNMP  vulnerabilities,  employing egress\n   filtering on the ports listed above at your network border can prevent\n   your network from being used as a source for attacks on other sites. \n\nDisable stack execution\n\n   Disabling  executable  stacks  (on systems where this is configurable)\n   can  reduce  the  risk  of  \"stack  smashing\"  attacks  based on these\n   vulnerabilities. Although this does not provide 100 percent protection\n   against exploitation of these vulnerabilities, it makes the likelihood\n   of a successful exploit much smaller. On many UNIX systems, executable\n   stacks can be disabled by adding the following lines to /etc/system:\n\n   set noexec_user_stack = 1 set noexec_user_stack_log = 1\n\n   Note  that  this  may  go  against the SPARC and Intel ABIs and can be\n   bypassed  as required in programs with mprotect(2). For the changes to\n   take effect you will then need to reboot. \n\n   Other  operating  systems and architectures also support the disabling\n   of executable stacks either through native configuration parameters or\n   via  third-party  software.  Consult  your  vendor(s)  for  additional\n   information. \n\nShare tools and techniques\n\n   Because  dealing with these vulnerabilities to systems and networks is\n   so  complex, the CERT/CC will provide a forum where administrators can\n   share  ideas  and  techniques  that  can  be  used  to  develop proper\n   defenses.  We  have created an unmoderated mailing list for system and\n   network administrators to discuss helpful techniques and tools. \n\n   You  can  subscribe to the mailing list by sending an email message to\n   majordomo@cert.org. 
In the body of the message, type\n\n   subscribe snmp-forum\n\n   After you receive the confirmation message, follow the instructions in\n   the message to complete the subscription process. \n\nAppendix A. - Vendor Information\n\n   This  appendix  contains  information  provided  by  vendors  for this\n   advisory.  As  vendors  report new information to the CERT/CC, we will\n   update this section and note the changes in our revision history. If a\n   particular  vendor  is  not  listed  below, we have not received their\n   comments. \n\nAdventNet\n\n     This  is in reference to your notification regarding [VU#107186 and\n     VU#854306]  and  OUSPG#0100.   AdventNet  Inc.  has reproduced this\n     behavior  in  their  products and coded a Service Pack fix which is\n     currently   in   regression   testing   in  AdventNet  Inc.\u0027s  Q.A. \n     organization.    The  release  of  AdventNet  Inc\u0027s.  Service  Pack\n     correcting  the  behavior  outlined in VU#617947, and OUSPG#0100 is\n     scheduled  to  be  generally  available  to all of AdventNet Inc.\u0027s\n     customers by February 20, 2002. \n\nAvaya\n\n     Avaya  Inc. \n\nCacheFlow\n\n     The  purpose of this email is to advise you that CacheFlow Inc. has\n     provided a software update. Please be advised that updated versions\n     of  the  software  are  now  available  for all supported CacheFlow\n     hardware  platforms,  and may be obtained by CacheFlow customers at\n     the following URL:\n\n          http://download.cacheflow.com/\n\n   The  specific reference to the software update is contained within the\n   Release  Notes  for  CacheOS  Versions 3.1.22 Release ID 17146, 4.0.15\n   Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149. 
\n\n   RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:\n     * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm\n\n   RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:\n     * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm\n     * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm\n     * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm\n\n     * SR   1-1647517,   VI  13045:  This  update  modified  a  potential\n     vulnerability by using an SNMP test tools exploit. \n\n3Com Corporation\n\n     A  vulnerability to an SNMP packet with an invalid length community\n     string  has  been  resolved  in  the  following products. Customers\n     concerned  about  this  weakness should ensure that they upgrade to\n     the following agent versions:\n     PS Hub 40\n     2.16 is due Feb 2002\n     PS Hub 50\n     2.16 is due Feb 2002\n     Dual Speed Hub\n     2.16 is due Jan 2002\n     Switch 1100/3300\n     2.68 is available now\n     Switch 4400\n     2.02 is available now\n     Switch 4900\n     2.04 is available now\n     WebCache1000/3000\n     2.00 is due Jan 2002\n\nCaldera\n\n     Caldera   International,  Inc.  has  reproduced  faulty behavior in\n     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX\n     8.  We have coded a software fix for  supported versions of Caldera\n     UnixWare  7  and  Caldera  Open UNIX 8 that will  be available from\n     our   support   site  at  http://stage.caldera.com/support/security\n     immediately  following the publication of this CERT announcement. A\n     fix  for  supported versions of OpenServer 5 will be available at a\n     later date. \n\nCisco Systems\n\n     Cisco  Systems  is  addressing  the  vulnerabilities  identified by\n     VU#854306  and VU#107186 across its entire product line. Cisco will\n     publish    a    security   advisory   with   further   details   at\n     http://www.cisco.com/go/psirt/. 
\n\nCompaq Computer Corporation\n\n     x-ref: SSRT0779U SNMP\n     At  the time of writing this document, COMPAQ continues to evaluate\n     this potential problem and when new versions of SNMP are available,\n     COMPAQ  will implement solutions based on the new code. Compaq will\n     provide  notice  of  any  new  patches  as  a result of that effort\n     through  standard  patch  notification  procedures and be available\n     from your normal Compaq Services support channel. \n\nComputer Associates\n\n     Computer  Associates  has  confirmed Unicenter vulnerability to the\n     SNMP  advisory identified by CERT notification reference [VU#107186\n     \u0026   VU#854306]   and   OUSPG#0100.   We  have  produced  corrective\n     maintenance  to  address  these  vulnerabilities,  which  is in the\n     process  of publication for all applicable releases / platforms and\n     will  be  offered  through the CA Support site.  Please contact our\n     Technical    Support   organization   for   information   regarding\n     availability / applicability for your specific configuration(s). \n\nCOMTEK Services, Inc. \n\n     NMServer  for  AS/400  is  not  an SNMP master and is therefore not\n     vulnerable.  However  this  product  requires the use of the AS/400\n     SNMP  master  agent  supplied  by  IBM. \n\n     NMServer   for  OpenVMS  has  been  tested  and  has  shown  to  be\n     vulnerable.  COMTEK  Services  is  preparing  a new release of this\n     product  (version  3.5)  which will contain a fix for this problem. \n     This  new  release  is  scheduled to be available in February 2002. \n     Contact COMTEK Services for further information. \n\n     NMServer  for VOS has not as yet been tested; vulnerability of this\n     agent  is  unknown.  Contact for further information on the testing\n     schedule of the VOS product. 
\n\nCovalent Technologies\n\n     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,\n     and  Conductor  SNMP module are not vulnerable according to testing\n     performed   in   accordance  with  CERT  recommendations.  Security\n     information for Covalent products can be found at www.covalent.net\n\nDartware, LLC\n\n     Dartware,  LLC  (www.dartware.com)  supplies  two products that use\n     SNMPv1  in  a  manager  role,  InterMapper  and SNMP Watcher.  This statement applies to all present\n     and past versions of these two software packages. \n\nDMH Software\n\n     DMH  Software  is  in  the  process of evaluating and attempting to\n     reproduce this behavior. \n     It  is  unclear at this point if our snmp-agent is sensitive to the\n     tests described above. \n     If  any  problems  will  be  discovered,  DMH  Software will code a\n     software fix. \n     The  release of DMH Software OS correcting the behavior outlined in\n     VU#854306, VU#107186, and OUSPG#0100 will be generally available to\n     all of DMH Software\u0027s customers as soon as possible. \n\nEnGarde Secure Linux\n\n     EnGarde  Secure  Linux  did  not  ship any SNMP packages in version\n     1.0.1 of our distribution, so we are not vulnerable to either bug. \n\nFreeBSD\n\n     FreeBSD  does  not  include any SNMP software by default, and so is\n     not vulnerable.  However, the FreeBSD Ports Collection contains the\n     UCD-SNMP   /   NET-SNMP   package.    Package   versions  prior  to\n     ucd-snmp-4.2.3  are  vulnerable.   The upcoming FreeBSD 4.5 release\n     will  ship  the  corrected  version  of  the  UCD-SNMP  /  NET-SNMP\n     package.   In  addition,  the  corrected version of the packages is\n     available from the FreeBSD mirrors. \n\n     FreeBSD   has   issued  the  following  FreeBSD  Security  Advisory\n     regarding the UCD-SNMP / NET-SNMP package:\n     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09. 
\n     snmp.asc. \n\nHewlett-Packard Company\n\n     SUMMARY - known vulnerable:\n     ========================================\n     hp procurve switch 2524\n     NNM  (Network Node Manager)\n     JetDirect Firmware (Older versions only)\n     HP-UX Systems running snmpd or OPENVIEW\n     MC/ServiceGuard\n     EMS\n     Still under investigation:\n     SNMP/iX (MPE/iX)\n     ========================================\n     _________________________________________________________\n     ---------------------------------------------------------\n     hp procurve switch 2524 \n     ---------------------------------------------------------\n     hp procurve switch 2525 (product J4813A) is vulnerable to some\n     issues, patches in process. Watch for the associated HP\n     Security Bulletin. \n     ---------------------------------------------------------\n     NNM  (Network Node Manager)\n     ---------------------------------------------------------\n     Some problems were found in NNM product were related to\n     trap handling. Patches in process. Watch for the\n     associated HP Security Bulletin. \n     ---------------------------------------------------------\n     JetDirect Firmware (Older versions only)\n     ---------------------------------------------------------\n     ONLY some older versions of JetDirect Firmware are\n     vulnerable to some of the issues.  The older firmware\n     can be upgraded in most cases, see list below. \n     JetDirect Firmware Version    State\n     ==========================    =====\n        X.08.32 and higher     NOT Vulnerable\n        X.21.00 and higher     NOT Vulnerable\n     JetDirect Product Numbers that can be freely\n     upgraded to X.08.32 or X.21.00 or higher firmware. 
\n     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)\n     J3110A 10T\n     J3111A 10T/10B2/LocalTalk\n     J3112A Token Ring (discontinued)\n     J3113A 10/100 (discontinued)\n     J4169A 10/100\n     J4167A Token Ring\n     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)\n     J2550A/B 10T (discontinued)\n     J2552A/B 10T/10Base2/LocalTalk (discontinued)\n     J2555A/B Token Ring (discontinued)\n     J4100A 10/100\n     J4105A Token Ring\n     J4106A 10T\n     External Print Servers\n     J2591A EX+ (discontinued)\n     J2593A EX+3 10T/10B2 (discontinued)\n     J2594A EX+3 Token Ring (discontinued)\n     J3263A 300X 10/100\n     J3264A 500X Token Ring\n     J3265A 500X 10/100\n     ----------------------------------------------------------\n     HP-UX Systems running snmpd or OPENVIEW\n     ----------------------------------------------------------\n     The following patches are available now:\n       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch\n       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch\n       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated\n     Patch\n     All three patches are available from:\n     http://support.openview.hp.com/cpe/patches/\n     In addition PHSS_26137 and PHSS_26138 will soon be available from:\n     http://itrc.hp.com\n     ================================================================\n     NOTE: The patches are labeled OV(Open View). However, the patches\n     are also applicable to systems that are not running Open View. \n     =================================================================\n     Any   HP-UX  10.X  or  11.X  system  running  snmpd  or  snmpdm  is\n     vulnerable. 
\n     To determine if your HP-UX system has snmpd or snmpdm installed:\n       swlist -l file | grep snmpd\n     If a patch is not available for your platform or you cannot install\n     an  available  patch,  snmpd and snmpdm can be disabled by removing\n     their\n     entries  from  /etc/services  and  removing the execute permissions\n     from\n     /usr/sbin/snmpd and /usr/sbin/snmpdm. \n     ----------------------------------------------------------------\n     Investigation completed, systems vulnerable. \n     ----------------------------------------------------------------\n     MC/ServiceGuard\n     Event Monitoring System  (EMS)\n     ----------------------------------------------------------------\n       Still under investigation:\n     ----------------------------------------------------------------\n     SNMP/iX (MPE/iX)\n\nHirschmann Electronics GmbH \u0026 Co. KG\n\n     Hirschmann  Electronics  GmbH  \u0026  Co.  KG supplies a broad range of\n     networking  products,  some  of  which  are  affected  by  the SNMP\n     vulnerabilities  identified by CERT Coordination Center. Hirschmann customers may contact our Competence\n     Center (phone +49-7127-14-1538, email:\n     ans-support@nt.hirschmann.de)     for    additional    information,\n     especially  regarding  availability  of  latest  firmware  releases\n     addressing the SNMP vulnerabilities. \n\nIBM Corporation\n\n     Based  upon  the  results  of  running  the  test  suites  we  have\n     determined  that  our  version  of  SNMP  shipped  with  AIX is NOT\n     vulnerable. \n\nInnerdive Solutions, LLC\n\n     Innerdive Solutions, LLC has two SNMP based products:\n     1. The \"SNMP MIB Scout\"\n     (http://www.innerdive.com/products/mibscout/)\n     2. The \"Router IP Console\" (http://www.innerdive.com/products/ric/)\n     The \"SNMP MIB Scout\" is not vulnerable to either bug. \n     The \"Router IP Console\" releases prior to 3.3.0.407 are vulnerable. 
\n     The release of \"Router IP Console\" correcting the behavior outlined\n     in  OUSPG#0100  is  3.3.0.407 and is already available on our site. \n     Also,  we  will  notify all our customers about this new release no\n     later than March 5, 2002. \n\nJuniper Networks\n\n     This  is  in reference to your notification regarding CAN-2002-0012\n     and  CAN-2002-0013.   Juniper Networks has reproduced this behavior\n     and coded a software fix.  The fix will be included in all releases\n     of  JUNOS Internet software built after January 5, 2002.  Customers\n     with  current  support contracts can download new software with the\n     fix from Juniper\u0027s web site at www.juniper.net. \n     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can\n     only  be  reproduced  in JUNOS Internet software if certain tracing\n     options  are  enabled.   These options are generally not enabled in\n     production routers. \n\nLantronix, Inc. \n\n     Lantronix  is  committed  to  resolving  security  issues  with our\n     products.  The SNMP security bug you reported has been fixed in LRS\n     firmware version B1.3/611(020123). \n\nLotus Development Corporation\n\n     Lotus    Software   evaluated   the   Lotus   Domino   Server   for\n     vulnerabilities using the test suite materials provided by OUSPG. \n     This  problem  does  not affect default installations of the Domino\n     Server.   However,  SNMP  agents  can  be  installed from the CD to\n     provide  SNMP  services for the Domino Server (these are located in\n     the   /apps/sysmgmt/agents   directory).    The  optional  platform\n     specific  master  and  encapsulator  agents included with the Lotus\n     Domino  SNMP  Agents  for  HP-UX  and Solaris have been found to be\n     vulnerable.  
For  those  platforms,  customers  should  upgrade  to\n     version  R5.0.1  a  of  the Lotus Domino SNMP Agents, available for\n     download  from the Lotus Knowledge Base on the IBM Support Web Site\n     (http://www.ibm.com/software/lotus/support/).   Please   refer   to\n     Document  #191059,  \"Lotus Domino SNMP Agents R5.0.1a\", also in the\n     Lotus Knowledge Base, for more details. \n\nLOGEC Systems Inc\n\n     The  products  from  LOGEC  Systems are exposed to SNMP only via HP\n     OpenView.  We  do  not have an implementation of SNMP ourselves. As\n     such,  there is nothing in our products that would be an issue with\n     this alert. \n\nLucent\n\n     Lucent is aware of reports that there is a vulnerability in certain\n     implementations  of  the  SNMP (Simple Network Management Protocol)\n     code  that  is  used in data switches and other hardware throughout\n     the telecom industry. \n     As soon as we were notified by CERT, we began assessing our product\n     portfolio  and  notifying  customers  with  products  that might be\n     affected. \n     Our  5ESS  switch  and  most  of  our  optical  portfolio  were not\n     affected.   Our  core  and  edge  ATM switches and most of our edge\n     access  products  are  affected, but we have developed, tested, and\n     deployed  fixes for many of those products to our customers. \n     We consider the security and reliability of our customers\u0027 networks\n     to  be  one  of  our  critical  measures  of success. We take every\n     reasonable measure to ensure their satisfaction. \n     In  addition,  we  are  working  with  customers on ways to further\n     enhance the security they have in place today. \n\nMarconi\n\n     Marconi  supplies  a  broad range of telecommunications and related\n     products,  some  of  which are affected by the SNMP vulnerabilities\n     identified  here. 
Those\n     Marconi   customers   with  support  entitlement  may  contact  the\n     appropriate   Technical  Assistance  Center  (TAC)  for  additional\n     information.  Those not under support entitlement may contact their\n     sales representative. \n\nMicrosoft Corporation\n\n     The  Microsoft  Security Reponse [sic] Center has investigated this\n     issue, and provides the following information.  The  SNMP v1 service is not installed or running by\n     default on any version of Windows. A patch is underway to eliminate\n     the  vulnerability.  In  the  meantime,  we recommend that affected\n     customers disable the SNMP v1 service. \n\n     Details:\n     An  SNMP  v1 service ships on the CDs for Windows 95, 98, and 98SE. \n     It  is  not  installed  or  running  by  default  on  any  of these\n     platforms.  An SNMP v1 is NOT provided for Windows ME.  However, it\n     is  possible  that  Windows  98  machines  which  had  the  service\n     installed  and  were  upgraded would still have the service.  Since\n     SNMP  is  not  supported for WinME, customers in this situation are\n     urged to remove the SNMP service. \n     An  SNMP  v1  service  is  available  on  Windows NT 4.0 (including\n     Terminal  Server  Edition) and Windows 2000 but is not installed or\n     running  by  default  on any of these platforms.Windows XP does not\n     ship with an SNMP v1 service. \n\n     Remediation:\n     A  patch  is  underway  for  the  affected  platforms,  and will be\n     released  shortly.  In  the  meantime,  Microsoft  recommends  that\n     customers  who  have  the  SNMP  v1  service  running disable it to\n     protect their systems. Following are instruction for doing this:\n\n     Windows 95, 98 and 98SE:\n     1. In Control Panel, double-click Network. \n     2. On  the  Configuration  tab,  select Microsoft SNMP Agent from the\n        list of installed components. \n     3. 
Click Remove\n\n     Check the following keys and confirm that snmp.exe is not listed. \n     HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunSer\n     vices\n     HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n \n     For Windows XP:\n     1. Right-click on My Computer and select Manage\n     2. Click on Services and Applications, then on Services\n     3. Location  SNMP  on  the list of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer\n        Management window. \n   \n     For Windows NT 4.0 (including Terminal Server Edition):\n     1. Select Start, then Settings. \n     2. Select Control Panel, then click on the Services Icon\n     3. Locate  SNMP  on  the  list  of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click OK to close the dialoge [sic], then close Control Panel\n\n     Windows 2000:\n     1. Right-click on My Computer and select Manage\n     2. Click on Services and Applications, then on Services\n     3. Location  SNMP  on  the list of services, then select it and click\n        Stop. \n     4. Select Startup, and click Disabled. \n     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer\n        Management window. \n\nMultinet\n\n     MultiNet  and  TCPware customers should contact Process Software to\n     check  for  the availability of patches for this issue. A couple of\n     minor  problems were found and fixed, but there is no security risk\n     related to the SNMP code included with either product. \n\nNetaphor\n\n     NETAPHOR  SOFTWARE INC. is the creator of Cyberons for Java -- SNMP\n     Manager  Toolkit  and Cyberons for Java -- NMS Application Toolkit,\n     two   Java  based  products  that  may  be  affected  by  the  SNMP\n     vulnerabilities  identified  here.  
The  manner  in  which they are\n     affected  and the actions required (if any) to avoid being impacted\n     by  exploitation  of  these  vulnerabilities,  may  be  obtained by\n     contacting  Netaphor  via email at info@netaphor.com Customers with\n     annual support may contact support@netaphor.com directly. Those not\n     under    support    entitlement   may   contact   Netaphor   sales:\n     sales@netaphor.com or (949) 470 7955 in USA. \n\nNetBSD\n\n     NetBSD does not ship with any SNMP tools in our \u0027base\u0027 releases. We\n     do  provide  optional  packages  which  provide various support for\n     SNMP.  These  packages  are  not installed by default, nor are they\n     currently  provided  as  an  install option by the operating system\n     installation tools. A system administrator/end-user has to manually\n     install this with our package management tools. These SNMP packages\n     include:\n          + netsaint-plugin-snmp-1.2.8.4  (SNMP  monitoring  plug-in  for\n            netsaint)\n          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)\n          + p5-SNMP-3.1.0  (Perl5  module for interfacing to the UCD SNMP\n            library\n          + p5-SNMP_Session-0.83   (perl5  module  providing  rudimentary\n            access to remote SNMP agents)\n          + ucd-snmp-4.2.1  (Extensible  SNMP  implementation) (conflicts\n            with ucd-snmp-4.1.2)\n          + ucd-snmp-4.1.2  (Extensible  SNMP  implementation) (conflicts\n            with ucd-snmp-4.2.1)\n\n     We    do   provide   a   software   monitoring   mechanism   called\n     \u0027audit-packages\u0027,  which allows us to highlight if a package with a\n     range  of  versions  has  a potential vulnerability, and recommends\n     that the end-user upgrade the packages in question. \n\nNetscape Communications Corporation\n\n     Netscape  continues  to be committed to maintaining a high level of\n     quality  in  our  software  and  service  offerings.  
Part  of this\n     commitment  includes  prompt response to security issues discovered\n     by organizations such as the CERT Coordination Center. \n     According  to a recent CERT/CC advisory, The Oulu University Secure\n     Programming  Group (OUSPG) has reported numerous vulnerabilities in\n     multiple  vendor  SNMPv1 implementations. \n     We  have  carefully  examined the reported findings, performing the\n     tests  suggested  by the OUSPG to determine whether Netscape server\n     products  were  subject to these vulnerabilities. It was determined\n     that several products fell into this category. As a result, we have\n     created  fixes  which will resolve the issues, and these fixes will\n     appear  in  future  releases  of  our  product  line. To Netscape\u0027s\n     knowledge,  there  are  no known instances of these vulnerabilities\n     being exploited and no customers have been affected to date. \n     When such security warnings are issued, Netscape has committed to -\n     and will continue to commit to - resolving these issues in a prompt\n     and timely fashion, ensuring that our customers receive products of\n     the highest quality and security. \n\nNET-SNMP\n\n     All  ucd-snmp  version  prior  to  4.2.2  are  susceptible  to this\n     vulnerability  and  users  of  versions  prior to version 4.2.2 are\n     encouraged   to   upgrade   their  software  as  soon  as  possible\n     (http://www.net-snmp.org/download/).  Version  4.2.2 and higher are\n     not susceptible. \n\nNetwork Associates\n\n     PGP is not affected, impacted, or otherwise related to this VU#. \n\nNetwork Computing Technologies\n\n     Network   Computing   Technologies  has  reviewed  the  information\n     regarding  SNMP  vulnerabilities and is currently investigating the\n     impact to our products. \n\nNokia\n\n     This  vulnerability  is  known  to affect IPSO versions 3.1.3, 3.3,\n     3.3.1,  3.4,  and  3.4.1.   
Patches  are  currently  available  for\n     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia\n     website.   In  addition,  version  3.4.2  shipped  with  the  patch\n     incorporated,  and the necessary fix will be included in all future\n     releases of IPSO. \n     We  recommend customers install the patch immediately or follow the\n     recommended precautions below to avoid any potential exploit. \n     If you are not using SNMP services, including Traps, simply disable\n     the   SNMP   daemon   to   completely   eliminate   the   potential\n     vulnerability. \n     If   you  are  using  only  SNMP  Traps  and  running  Check  Point\n     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP\n     messages on all appropriate interfaces. Traps will continue to work\n     normally. \n\nNortel Networks\n\n     The  CERT Coordination Center has issued a broad based alert to the\n     technology industry, including Nortel Networks, regarding potential\n     security   vulnerabilities   identified   in   the  Simple  Network\n     Management  Protocol  (SNMP),  a  common  networking  standard. The\n     company   is   working   with  CERT  and  other  network  equipment\n     manufacturers, the U.S. Government, service providers, and software\n     suppliers to assess and address this issue. \n\nNovell\n\n     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on\n     NetWare  are  fixed and will be available through NetWare 6 Support\n     Pack 1 \u0026 NetWare 5.1 Support Pack 4. Support packs are available at\n     http://support.novell.com/tools/csp/\n\nOpenBSD\n\n     OpenBSD does not ship SNMP code. \n\nQualcomm\n\n     WorldMail  does  not  support SNMP by default, so customers who run\n     unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n     Redback  Networks,  Inc.  
has  identified that the vulnerability in\n     question  affects  certain versions of AOS software on the SMS 500,\n     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate\n     steps necessary to correct the issue. \n\nRed Hat\n\n     RedHat has released a security advisiory [sic] at\n     http://www.redhat.com/support/errata/RHSA-2001-163.html\n     with  updated  versions  of  the ucd-snmp package for all supported\n     releases and architectures. For more information or to download the\n     update please visit this page. \n\nSGI\n\n     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is\n     currently  investigating. \n     For  the  protection  of  all our customers, SGI does not disclose,\n     discuss  or  confirm vulnerabilities until a full investigation has\n     occurred  and  any  necessary  patch(es)  or  release  streams  are\n     available  for all vulnerable and supported IRIX operating systems. \n     Until SGI has more definitive information to provide, customers are\n     encouraged  to  assume  all security vulnerabilities as exploitable\n     and  take  appropriate  steps  according  to  local  site  security\n     policies   and   requirements.   As   further  information  becomes\n     available,  additional advisories will be issued via the normal SGI\n     security  information  distribution  methods  including the wiretap\n     mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n     SNMP  Research  has  made  the following vendor statement. They are\n     likely  to  revise  and  expand  the  statement as the date for the\n     public vulnerability announcement draws nearer.   Users  maintaining\n     earlier  releases should update to the current release if they have\n     not  already  done  so. Other Stonesoft\u0027s products are\n     still   under   investigation. 
\n\n     Sun\u0027s  SNMP  product,  Solstice  Enterprise Agents (SEA), described\n     here:\n     http://www.sun.com/solstice/products/ent.agents/\n     is  affected  by VU#854306 but not VU#107186. More specifically the\n     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n     Sun  is  currently  generating  patches  for this issue and will be\n     releasing  a  Sun Security Bulletin once the patches are available. \n     The bulletin will be available from:\n     http://sunsolve.sun.com/security.  Sun  patches are available from:\n     http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n     Symantec Corporation has investigated the SNMP issues identified by\n     the  OUSPG test suite and determined that Symantec products are not\n     susceptable [sic] to these issues. \n\nTANDBERG\n\n     Tandberg  have  run  all  the  testcases found the PROTOS test-suie\n     [sic], c06snmpv1:\n     1. c06-snmpv1-trap-enc-pr1.jar\n     2. c06-snmpv1-treq-app-pr1.jar\n     3. c06-snmpv1-trap-enc-pr1.jar\n     4. c06-snmpv1-req-app-pr1.jar\n     The  tests  were  run with standard delay time between the requests\n     (100ms),  but  also  with  a delay of 1ms. The tests applies to all\n     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The\n     software  tested  on these products were B4.0 (our latest software)\n     and no problems were found when running the test suite. \n\nAppendix B. - References\n         1. http://www.ee.oulu.fi/research/ouspg/protos/\n         2. http://www.kb.cert.org/vuls/id/854306\n         3. http://www.kb.cert.org/vuls/id/107186\n         4. http://www.cert.org/tech_tips/denial_of_service.html\n         5. http://www.ietf.org/rfc/rfc1067.txt\n         6. http://www.ietf.org/rfc/rfc1089.txt\n         7. http://www.ietf.org/rfc/rfc1140.txt\n         8. http://www.ietf.org/rfc/rfc1155.txt\n         9. http://www.ietf.org/rfc/rfc1156.txt\n        10. 
http://www.ietf.org/rfc/rfc1215.txt\n        11. http://www.ietf.org/rfc/rfc1270.txt\n        12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n     Background Information on the OUSPG\n\n       OUSPG  is an academic research group located at Oulu University in\n       Finland.  The  purpose  of this research group is to test software\n       for vulnerabilities. \n       History  has  shown  that  the  techniques  used by the OUSPG have\n       discovered a large number of previously undetected problems in the\n       products  and  protocols  they  have  tested.  In  2001, the OUSPG\n       produced a comprehensive test suite for evaluating implementations\n       of  the  Lightweight  Directory  Access Protocol (LDAP). This test\n       suite  was  developed with the strategy of abusing the protocol in\n       unsupported  and  unexpected  ways,  and  it was very effective in\n       uncovering  a  wide  variety  of  vulnerabilities  across  several\n       products.  This approach can reveal vulnerabilities that would not\n       manifest themselves under normal conditions. \n       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to\n       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began\n       testing   a   selection   of  products,  and  found  a  number  of\n       vulnerabilities.  Because  OUSPG\u0027s  work  on  LDAP  was similar in\n       procedure  to its current work on SNMP, you may wish to review the\n       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined\n       results of application of the test suite. \n       In order to test the security of protocols like SNMPv1, the PROTOS\n       project  presents  a  server with a wide variety of sample packets\n       containing  unexpected  values  or  illegally formatted data. 
As a\n       member of the PROTOS project consortium, the OUSPG used the PROTOS\n       c06-snmpv1  test  suite  to  study  several implementations of the\n       SNMPv1  protocol. Software and\n       firmware products designed for networks often make use of the SNMP\n       protocol.  SNMP  runs  on  a  multitude  of  devices and operating\n       systems, including, but not limited to,\n          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and\n            Wireless Network Access Points)\n          + Operating Systems\n          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL\n            Modems)\n          + Consumer Electronic Devices (Cameras and Image Scanners)\n          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX\n            Machines)\n          + Network and Systems Management/Diagnostic Frameworks (Network\n            Sniffers and Network Analyzers)\n          + Uninterruptible Power Supplies (UPS)\n          + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n          + Manufacturing and Processing Equipment\n       The  SNMP  protocol  is  formally defined in RFC1157. Quoting from\n       that RFC:\n\n                Implicit  in the SNMP architectural model is a collection\n                of  network  management  stations  and  network elements. \n                Network    management    stations    execute   management\n                applications  which monitor and control network elements. \n                Network  elements  are  devices  such as hosts, gateways,\n                terminal  servers,  and  the  like, which have management\n                agents  responsible for performing the network management\n                functions  requested  by the network management stations. 
\n\n       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC\n       documents:\n          + RFC 3000 Internet Official Protocol Standards\n          + RFC 1212 Concise MIB Definitions\n          + RFC  1213  Management Information Base for Network Management\n            of TCP/IP-based Internets: MIB-II\n          + RFC  1215  A  Convention  for Defining Traps for use with the\n            SNMP\n          + RFC 1270 SNMP Communications Services\n          + RFC  2570  Introduction to Version 3 of the Internet-standard\n            Network Management Framework\n          + RFC  2571  An  Architecture  for  Describing  SNMP Management\n            Frameworks\n          + RFC  2572  Message  Processing and Dispatching for the Simple\n            Network Management Protocol (SNMP)\n          + RFC 2573 SNMP Applications\n          + RFC 2574 User-based Security Model (USM) for version 3 of the\n            Simple Network Management Protocol (SNMPv3)\n          + RFC  2575  View-based  Access  Control  Model  (VACM) for the\n            Simple Network Management Protocol (SNMP)\n          + RFC  2576  Coexistence  between  Version  1,  Version  2, and\n            Version   3   of  the  Internet-standard  Network  Management\n            Framework\n         _____________________________________________________________\n\n       The  CERT  Coordination  Center  thanks the Oulu University Secure\n       Programming  Group  for reporting these vulnerabilities to us, for\n       providing  detailed  technical  analyses,  and for assisting us in\n       preparing  this  advisory.  We also thank Steven M. Bellovin (AT\u0026T\n       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who\n       contributed to this document. 
\n         _____________________________________________________________\n\n       Feedback  on  this document can be directed to the authors, Ian A. \n       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n       Householder, Marty Lindner, and Art Manion. \n       __________________________________________________________________\n\n       This document is available from:\n       http://www.cert.org/advisories/CA-2002-03.html\n       __________________________________________________________________\n\n       CERT/CC Contact Information\n\n        Email: cert@cert.org\n                Phone: +1 412-268-7090 (24-hour hotline)\n                Fax: +1 412-268-6989\n                Postal address:\n                CERT Coordination Center\n                Software Engineering Institute\n                Carnegie Mellon University\n                Pittsburgh PA 15213-3890\n                U.S.A. \n\n       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /\n       EDT(GMT-4) Monday through Friday; they are on call for emergencies\n       during other hours, on U.S. holidays, and on weekends. \n       \n       Using encryption\n       We  strongly  urge  you  to  encrypt sensitive information sent by\n       email. Our public PGP key is available from\n        http://www.cert.org/CERT_PGP.key\n       If  you  prefer  to use DES, please call the CERT hotline for more\n       information. \n       \n       Getting  security information\n       CERT publications and other security information are available\n       from our web site\n        http://www.cert.org/\n       To   subscribe  to  the  CERT  mailing  list  for  advisories  and\n       bulletins, send email to majordomo@cert.org. Please include in the\n       body of your message\n       \n         subscribe cert-advisory\n       \n       * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n       Patent and Trademark Office. 
\n       __________________________________________________________________\n\n       NO WARRANTY\n       Any  material  furnished  by  Carnegie  Mellon  University and the\n       Software  Engineering  Institute is furnished on an \"as is\" basis. \n       Carnegie Mellon University makes no warranties of any kind, either\n       expressed  or  implied as to any matter including, but not limited\n       to,   warranty   of   fitness   for   a   particular   purpose  or\n       merchantability,  exclusivity  or results obtained from use of the\n       material. Carnegie Mellon University does not make any warranty of\n       any  kind  with  respect  to  freedom  from  patent, trademark, or\n       copyright infringement. \n         _____________________________________________________________\n\n       Conditions for use, disclaimers, and sponsorship information\n       Copyright 2002 Carnegie Mellon University. \n\nRevision History\n\n       February 12, 2002: Initial release\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          }
        ],
        "trust": 4.59
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=21296",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#854306",
            "trust": 4.0
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "4132",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4732",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4089",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4088",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186",
            "trust": 1.5
          },
          {
            "db": "XF",
            "id": "8176",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034",
            "trust": 0.8
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:87",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:298",
            "trust": 0.6
          },
          {
            "db": "ISS",
            "id": "20020212 PROTOS REMOTE SNMP ATTACK TOOL",
            "trust": 0.6
          },
          {
            "db": "MS",
            "id": "MS02-006",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2001:163",
            "trust": 0.6
          },
          {
            "db": "SUNALERT",
            "id": "57404",
            "trust": 0.6
          },
          {
            "db": "CERT/CC",
            "id": "CA-2002-03",
            "trust": 0.6
          },
          {
            "db": "SGI",
            "id": "20020201-01-A",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "89608",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "89661",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21296",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "25758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "id": "VAR-200202-0007",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.42828385666666663
      },
      "last_update_date": "2025-04-03T22:25:21.031000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX00184",
            "trust": 0.8,
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00964944"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ibm.com/jp/"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/RHSA-2001-163.html"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-1"
          },
          {
            "title": "#00215",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-3"
          },
          {
            "title": "MS02-006",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms02-006.mspx"
          },
          {
            "title": "RHSA-2001:163",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2001-163J.html"
          },
          {
            "title": "Cisco: Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20020211-snmp-msgs-non-ios"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "http://www.cert.org/advisories/ca-2002-03.html"
          },
          {
            "trust": 3.3,
            "url": "http://www.kb.cert.org/vuls/id/854306"
          },
          {
            "trust": 2.3,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/"
          },
          {
            "trust": 1.7,
            "url": "http://www.cert.org/tech_tips/denial_of_service.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1215.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1270.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.iss.net/security_center/alerts/advise110.php"
          },
          {
            "trust": 1.7,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-a"
          },
          {
            "trust": 1.7,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc3000.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1212.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1213.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2570.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2571.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2572.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2573.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2574.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2575.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2576.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4088"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4132"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4732"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/4089"
          },
          {
            "trust": 1.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0013"
          },
          {
            "trust": 1.2,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a87"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a298"
          },
          {
            "trust": 1.1,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
          },
          {
            "trust": 0.8,
            "url": "http://www.ciac.org/ciac/bulletins/m-042.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/20020213snmp.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020701.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2002/wr020901.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/at/2002/at020001.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnca-2002-03"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0013"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/8176"
          },
          {
            "trust": 0.7,
            "url": "http://www.kb.cert.org/vuls/id/107186"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0012"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:87"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:298"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f43365"
          },
          {
            "trust": 0.3,
            "url": "http://online.securityfocus.com/news/474"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 0.3,
            "url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f46343"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/21296/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20020211-snmp-msgs-non-ios"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1352.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/tech_tips/snmp_faq.html"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/ric/)"
          },
          {
            "trust": 0.1,
            "url": "https://www.juniper.net."
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/securitypatch."
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/go/psirt/."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1067.txt"
          },
          {
            "trust": 0.1,
            "url": "https://www.dartware.com)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1140.txt"
          },
          {
            "trust": 0.1,
            "url": "http://itrc.hp.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.sun.com/solstice/products/ent.agents/"
          },
          {
            "trust": 0.1,
            "url": "http://stage.caldera.com/support/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.net-snmp.org/download/)."
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/cert_pgp.key"
          },
          {
            "trust": 0.1,
            "url": "http://www.ibm.com/software/lotus/support/)."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1156.txt"
          },
          {
            "trust": 0.1,
            "url": "http://support.novell.com/tools/csp/"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/cpe/patches/"
          },
          {
            "trust": 0.1,
            "url": "https://www.covalent.net"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/mibscout/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h"
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/security."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1155.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.stonesoft.com/support/techcenter/"
          },
          {
            "trust": 0.1,
            "url": "http://www.sgi.com/support/security/."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1089.txt"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-01-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2002-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4089"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "date": "2002-02-12T22:54:19",
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "date": "2002-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "date": "2002-02-13T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2018-10-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-0013"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89608"
          },
          {
            "date": "2002-03-08T00:00:00",
            "db": "BID",
            "id": "89661"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2009-07-11T10:56:00",
            "db": "BID",
            "id": "4089"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000034"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200202-004"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2002-0013"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          }
        ],
        "trust": 1.5
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in SNMPv1 trap handling",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "89608"
          },
          {
            "db": "BID",
            "id": "89661"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200205-0149

    Vulnerability from variot - Updated: 2025-04-03 22:25

    Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems. They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.

    -----BEGIN PGP SIGNED MESSAGE-----

    CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)

    Original release date: February 12, 2002
    Last revised: --
    Source: CERT/CC

    A complete revision history can be found at the end of this file.

    Systems Affected

    Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.

    In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from

    http://www.kb.cert.org/vuls/id/854306
    http://www.kb.cert.org/vuls/id/107186

    Many other systems making use of SNMP may also be vulnerable but were not specifically tested.

    In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html

    I. Description

    The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C.

    OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.

    Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.

    These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.

    II.

    III. Solution

    Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.

    Apply a patch from your vendor

    Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.

    Disable the SNMP service

    As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.

    Ingress filtering

    As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.

    Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.

    snmp              161/udp    # Simple Network Management Protocol (SNMP)
    snmp              162/udp    # SNMP system management messages

    The following services are less common, but may be used on some affected products

    snmp              161/tcp    # Simple Network Management Protocol (SNMP)
    snmp              162/tcp    # SNMP system management messages
    smux              199/tcp    # SNMP Unix Multiplexer
    smux              199/udp    # SNMP Unix Multiplexer
    synoptics-relay   391/tcp    # SynOptics SNMP Relay Port
    synoptics-relay   391/udp    # SynOptics SNMP Relay Port
    agentx            705/tcp    # AgentX
    snmp-tcp-port     1993/tcp   # cisco SNMP TCP port
    snmp-tcp-port     1993/udp   # cisco SNMP TCP port

    As noted above, you should carefully consider the impact of blocking services that you may be using.

    It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses:

    * "all-ones" broadcast address
    * subnet broadcast address
    * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)

    Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.

    Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)

    snmp        100122   na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk
    snmpv2      100138   na.snmpv2 # SNM Version 2.2.2
    snmpXdmid   100249

    Please note that this workaround may not protect vulnerable devices from internal attacks.

    Filter SNMP traffic from non-authorized internal hosts

    In many networks, only a limited number of network management systems need to originate SNMP request messages. This can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.

    Change default community strings

    Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.

    Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.

    Segregate SNMP traffic onto a separate management network

    In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.

    Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.

    Note that these solutions may require extensive changes to a site's network architecture.

    Egress filtering

    Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.

    Disable stack execution

    Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:

    set noexec_user_stack = 1
    set noexec_user_stack_log = 1

    Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.

    Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.

    Share tools and techniques

    Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.

    You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type

    subscribe snmp-forum

    After you receive the confirmation message, follow the instructions in the message to complete the subscription process.

    Appendix A. - Vendor Information

    This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

    AdventNet

     This  is in reference to your notification regarding [VU#107186 and
     VU#854306]  and  OUSPG#0100.   AdventNet  Inc.  has reproduced this
     behavior  in  their  products and coded a Service Pack fix which is
     currently   in   regression   testing   in  AdventNet  Inc.'s  Q.A. 
     organization.    The  release  of  AdventNet  Inc.'s  Service  Pack
     correcting  the  behavior  outlined in VU#617947, and OUSPG#0100 is
     scheduled  to  be  generally  available  to all of AdventNet Inc.'s
     customers by February 20, 2002.
    

    Avaya

     Avaya  Inc. No further information is available at this time.
    

    CacheFlow

     The  purpose of this email is to advise you that CacheFlow Inc. has
     provided a software update. Please be advised that updated versions
     of  the  software  are  now  available  for all supported CacheFlow
     hardware  platforms,  and may be obtained by CacheFlow customers at
     the following URL:
    
          http://download.cacheflow.com/
    

    The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.

    RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:

     * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm

    RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:

     * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm

     * SR   1-1647517,   VI  13045:  This  update  modified  a  potential
     vulnerability by using an SNMP test tools exploit.
    

    3Com Corporation

     A  vulnerability to an SNMP packet with an invalid length community
     string  has  been  resolved  in  the  following products. Customers
     concerned  about  this  weakness should ensure that they upgrade to
     the following agent versions:
     PS Hub 40
     2.16 is due Feb 2002
     PS Hub 50
     2.16 is due Feb 2002
     Dual Speed Hub
     2.16 is due Jan 2002
     Switch 1100/3300
     2.68 is available now
     Switch 4400
     2.02 is available now
     Switch 4900
     2.04 is available now
     WebCache1000/3000
     2.00 is due Jan 2002
    

    Caldera

     Caldera   International,  Inc.  has  reproduced  faulty behavior in
     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
     8.  We have coded a software fix for  supported versions of Caldera
     UnixWare  7  and  Caldera  Open UNIX 8 that will  be available from
     our   support   site  at  http://stage.caldera.com/support/security
     immediately  following the publication of this CERT announcement. A
     fix  for  supported versions of OpenServer 5 will be available at a
     later date.
    

    Cisco Systems

     Cisco  Systems  is  addressing  the  vulnerabilities  identified by
     VU#854306  and VU#107186 across its entire product line. Cisco will
     publish    a    security   advisory   with   further   details   at
     http://www.cisco.com/go/psirt/.
    

    Compaq Computer Corporation

     x-ref: SSRT0779U SNMP
     At  the time of writing this document, COMPAQ continues to evaluate
     this potential problem and when new versions of SNMP are available,
     COMPAQ  will implement solutions based on the new code. Compaq will
     provide  notice  of  any  new  patches  as  a result of that effort
     through  standard  patch  notification  procedures and be available
     from your normal Compaq Services support channel.
    

    Computer Associates

     Computer  Associates  has  confirmed Unicenter vulnerability to the
     SNMP  advisory identified by CERT notification reference [VU#107186
     &   VU#854306]   and   OUSPG#0100.   We  have  produced  corrective
     maintenance  to  address  these  vulnerabilities,  which  is in the
     process  of publication for all applicable releases / platforms and
     will  be  offered  through the CA Support site.  Please contact our
     Technical    Support   organization   for   information   regarding
     availability / applicability for your specific configuration(s).
    

    COMTEK Services, Inc.

     NMServer  for  AS/400  is  not  an SNMP master and is therefore not
     vulnerable.  However  this  product  requires the use of the AS/400
     SNMP  master  agent  supplied  by  IBM.
    
     NMServer   for  OpenVMS  has  been  tested  and  has  shown  to  be
     vulnerable.  COMTEK  Services  is  preparing  a new release of this
     product  (version  3.5)  which will contain a fix for this problem. 
     This  new  release  is  scheduled to be available in February 2002. 
     Contact COMTEK Services for further information.
    
     NMServer  for VOS has not as yet been tested; vulnerability of this
     agent  is  unknown.  Contact for further information on the testing
     schedule of the VOS product.
    

    Covalent Technologies

     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
     and  Conductor  SNMP module are not vulnerable according to testing
     performed   in   accordance  with  CERT  recommendations.  Security
     information for Covalent products can be found at www.covalent.net
    

    Dartware, LLC

     Dartware,  LLC  (www.dartware.com)  supplies  two products that use
     SNMPv1  in  a  manager  role,  InterMapper  and SNMP Watcher.  This statement applies to all present
     and past versions of these two software packages.
    

    DMH Software

     DMH  Software  is  in  the  process of evaluating and attempting to
     reproduce this behavior. 
     It  is  unclear at this point if our snmp-agent is sensitive to the
     tests described above. 
     If  any  problems  will  be  discovered,  DMH  Software will code a
     software fix. 
     The  release of DMH Software OS correcting the behavior outlined in
     VU#854306, VU#107186, and OUSPG#0100 will be generally available to
     all of DMH Software's customers as soon as possible.
    

    EnGarde Secure Linux

     EnGarde  Secure  Linux  did  not  ship any SNMP packages in version
     1.0.1 of our distribution, so we are not vulnerable to either bug.
    

    FreeBSD

     FreeBSD  does  not  include any SNMP software by default, and so is
     not vulnerable.  However, the FreeBSD Ports Collection contains the
     UCD-SNMP   /   NET-SNMP   package.    Package   versions  prior  to
     ucd-snmp-4.2.3  are  vulnerable.   The upcoming FreeBSD 4.5 release
     will  ship  the  corrected  version  of  the  UCD-SNMP  /  NET-SNMP
     package.   In  addition,  the  corrected version of the packages is
     available from the FreeBSD mirrors.
    
     FreeBSD   has   issued  the  following  FreeBSD  Security  Advisory
     regarding the UCD-SNMP / NET-SNMP package:
     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.snmp.asc.
    

    Hewlett-Packard Company

     SUMMARY - known vulnerable:
     ========================================
     hp procurve switch 2524
     NNM  (Network Node Manager)
     JetDirect Firmware (Older versions only)
     HP-UX Systems running snmpd or OPENVIEW
     MC/ServiceGuard
     EMS
     Still under investigation:
     SNMP/iX (MPE/iX)
     ========================================
     _________________________________________________________
     ---------------------------------------------------------
     hp procurve switch 2524 
     ---------------------------------------------------------
     hp procurve switch 2525 (product J4813A) is vulnerable to some
     issues, patches in process. Watch for the associated HP
     Security Bulletin. 
     ---------------------------------------------------------
     NNM  (Network Node Manager)
     ---------------------------------------------------------
     Some problems found in the NNM product were related to
     trap handling. Patches in process. Watch for the
     associated HP Security Bulletin. 
     ---------------------------------------------------------
     JetDirect Firmware (Older versions only)
     ---------------------------------------------------------
     ONLY some older versions of JetDirect Firmware are
     vulnerable to some of the issues.  The older firmware
     can be upgraded in most cases, see list below. 
     JetDirect Firmware Version    State
     ==========================    =====
        X.08.32 and higher     NOT Vulnerable
        X.21.00 and higher     NOT Vulnerable
     JetDirect Product Numbers that can be freely
     upgraded to X.08.32 or X.21.00 or higher firmware. 
     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
     J3110A 10T
     J3111A 10T/10B2/LocalTalk
     J3112A Token Ring (discontinued)
     J3113A 10/100 (discontinued)
     J4169A 10/100
     J4167A Token Ring
     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
     J2550A/B 10T (discontinued)
     J2552A/B 10T/10Base2/LocalTalk (discontinued)
     J2555A/B Token Ring (discontinued)
     J4100A 10/100
     J4105A Token Ring
     J4106A 10T
     External Print Servers
     J2591A EX+ (discontinued)
     J2593A EX+3 10T/10B2 (discontinued)
     J2594A EX+3 Token Ring (discontinued)
     J3263A 300X 10/100
     J3264A 500X Token Ring
     J3265A 500X 10/100
     ----------------------------------------------------------
     HP-UX Systems running snmpd or OPENVIEW
     ----------------------------------------------------------
     The following patches are available now:
       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch
       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated Patch
     All three patches are available from:
     http://support.openview.hp.com/cpe/patches/
     In addition PHSS_26137 and PHSS_26138 will soon be available from:
     http://itrc.hp.com
     ================================================================
     NOTE: The patches are labeled OV(Open View). However, the patches
     are also applicable to systems that are not running Open View. 
     =================================================================
     Any   HP-UX  10.X  or  11.X  system  running  snmpd  or  snmpdm  is
     vulnerable. 
     To determine if your HP-UX system has snmpd or snmpdm installed:
       swlist -l file | grep snmpd
     If a patch is not available for your platform or you cannot install
     an  available  patch,  snmpd and snmpdm can be disabled by removing
     their entries from /etc/services and removing the execute
     permissions from /usr/sbin/snmpd and /usr/sbin/snmpdm. 
     ----------------------------------------------------------------
     Investigation completed, systems vulnerable. 
     ----------------------------------------------------------------
     MC/ServiceGuard
     Event Monitoring System  (EMS)
     ----------------------------------------------------------------
       Still under investigation:
     ----------------------------------------------------------------
     SNMP/iX (MPE/iX)
    

    Hirschmann Electronics GmbH & Co. KG

     Hirschmann  Electronics  GmbH  &  Co.  KG supplies a broad range of
     networking  products,  some  of  which  are  affected  by  the SNMP
     vulnerabilities  identified by CERT Coordination Center. Hirschmann customers may contact our Competence
     Center (phone +49-7127-14-1538, email:
     ans-support@nt.hirschmann.de)     for    additional    information,
     especially  regarding  availability  of  latest  firmware  releases
     addressing the SNMP vulnerabilities.
    

    IBM Corporation

     Based  upon  the  results  of  running  the  test  suites  we  have
     determined  that  our  version  of  SNMP  shipped  with  AIX is NOT
     vulnerable.
    

    Innerdive Solutions, LLC

     Innerdive Solutions, LLC has two SNMP based products:
     1. The "SNMP MIB Scout"
     (http://www.innerdive.com/products/mibscout/)
     2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
     The "SNMP MIB Scout" is not vulnerable to either bug. 
     The "Router IP Console" releases prior to 3.3.0.407 are vulnerable. 
     The release of "Router IP Console" correcting the behavior outlined
     in  OUSPG#0100  is  3.3.0.407 and is already available on our site. 
     Also,  we  will  notify all our customers about this new release no
     later than March 5, 2002.
    

    Juniper Networks

     This  is  in reference to your notification regarding CAN-2002-0012
     and  CAN-2002-0013.   Juniper Networks has reproduced this behavior
     and coded a software fix.  The fix will be included in all releases
     of  JUNOS Internet software built after January 5, 2002.  Customers
     with  current  support contracts can download new software with the
     fix from Juniper's web site at www.juniper.net. 
     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
     only  be  reproduced  in JUNOS Internet software if certain tracing
     options  are  enabled.   These options are generally not enabled in
     production routers.
    

    Lantronix, Inc.

     Lantronix  is  committed  to  resolving  security  issues  with our
     products.  The SNMP security bug you reported has been fixed in LRS
     firmware version B1.3/611(020123).
    

    Lotus Development Corporation

     Lotus    Software   evaluated   the   Lotus   Domino   Server   for
     vulnerabilities using the test suite materials provided by OUSPG. 
     This  problem  does  not affect default installations of the Domino
     Server.   However,  SNMP  agents  can  be  installed from the CD to
     provide  SNMP  services for the Domino Server (these are located in
     the   /apps/sysmgmt/agents   directory).    The  optional  platform
     specific  master  and  encapsulator  agents included with the Lotus
     Domino  SNMP  Agents  for  HP-UX  and Solaris have been found to be
     vulnerable.  For  those  platforms,  customers  should  upgrade  to
     version  R5.0.1a  of  the Lotus Domino SNMP Agents, available for
     download  from the Lotus Knowledge Base on the IBM Support Web Site
     (http://www.ibm.com/software/lotus/support/).   Please   refer   to
     Document  #191059,  "Lotus Domino SNMP Agents R5.0.1a", also in the
     Lotus Knowledge Base, for more details.
    

    LOGEC Systems Inc

     The  products  from  LOGEC  Systems are exposed to SNMP only via HP
     OpenView.  We  do  not have an implementation of SNMP ourselves. As
     such,  there is nothing in our products that would be an issue with
     this alert.
    

    Lucent

     Lucent is aware of reports that there is a vulnerability in certain
     implementations  of  the  SNMP (Simple Network Management Protocol)
     code  that  is  used in data switches and other hardware throughout
     the telecom industry. 
     As soon as we were notified by CERT, we began assessing our product
     portfolio  and  notifying  customers  with  products  that might be
     affected. 
     Our  5ESS  switch  and  most  of  our  optical  portfolio  were not
     affected.   Our  core  and  edge  ATM switches and most of our edge
     access  products  are  affected, but we have developed, tested, and
     deployed  fixes for many of those products to our customers. 
     We consider the security and reliability of our customers' networks
     to  be  one  of  our  critical  measures  of success. We take every
     reasonable measure to ensure their satisfaction. 
     In  addition,  we  are  working  with  customers on ways to further
     enhance the security they have in place today.
    

    Marconi

     Marconi  supplies  a  broad range of telecommunications and related
     products,  some  of  which are affected by the SNMP vulnerabilities
     identified  here. Those
     Marconi   customers   with  support  entitlement  may  contact  the
     appropriate   Technical  Assistance  Center  (TAC)  for  additional
     information.  Those not under support entitlement may contact their
     sales representative.
    

    Microsoft Corporation

     The  Microsoft  Security Reponse [sic] Center has investigated this
     issue, and provides the following information.  The  SNMP v1 service is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the  vulnerability.  In  the  meantime,  we recommend that affected
     customers disable the SNMP v1 service.
    
     Details:
     An  SNMP  v1 service ships on the CDs for Windows 95, 98, and 98SE. 
     It  is  not  installed  or  running  by  default  on  any  of these
     platforms.  An SNMP v1 is NOT provided for Windows ME.  However, it
     is  possible  that  Windows  98  machines  which  had  the  service
     installed  and  were  upgraded would still have the service.  Since
     SNMP  is  not  supported for WinME, customers in this situation are
     urged to remove the SNMP service. 
     An  SNMP  v1  service  is  available  on  Windows NT 4.0 (including
     Terminal  Server  Edition) and Windows 2000 but is not installed or
     running  by  default  on any of these platforms. Windows XP does not
     ship with an SNMP v1 service.
    
     Remediation:
     A  patch  is  underway  for  the  affected  platforms,  and will be
     released  shortly.  In  the  meantime,  Microsoft  recommends  that
     customers  who  have  the  SNMP  v1  service  running disable it to
     protect their systems. Following are instructions for doing this:
    
     Windows 95, 98 and 98SE:
     1. In Control Panel, double-click Network. 
     2. On  the  Configuration  tab,  select Microsoft SNMP Agent from the
        list of installed components. 
     3. Click Remove
    
     Check the following keys and confirm that snmp.exe is not listed. 
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    
     For Windows XP:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the list of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    
     For Windows NT 4.0 (including Terminal Server Edition):
     1. Select Start, then Settings. 
     2. Select Control Panel, then click on the Services Icon
     3. Locate  SNMP  on  the  list  of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click OK to close the dialoge [sic], then close Control Panel
    
     Windows 2000:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Locate  SNMP  on  the list of services, then select it and click
        Stop. 
     4. Select Startup, and click Disabled. 
     5. Click  OK  to  close  the  dialoge  [sic], then close the Computer
        Management window.
    

    Multinet

     MultiNet  and  TCPware customers should contact Process Software to
     check  for  the availability of patches for this issue. A couple of
     minor  problems were found and fixed, but there is no security risk
     related to the SNMP code included with either product.
    

    Netaphor

     NETAPHOR  SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
     Manager  Toolkit  and Cyberons for Java -- NMS Application Toolkit,
     two   Java  based  products  that  may  be  affected  by  the  SNMP
     vulnerabilities  identified  here.  The  manner  in  which they are
     affected  and the actions required (if any) to avoid being impacted
     by  exploitation  of  these  vulnerabilities,  may  be  obtained by
     contacting  Netaphor  via email at info@netaphor.com Customers with
     annual support may contact support@netaphor.com directly. Those not
     under    support    entitlement   may   contact   Netaphor   sales:
     sales@netaphor.com or (949) 470 7955 in USA.
    

    NetBSD

     NetBSD does not ship with any SNMP tools in our 'base' releases. We
     do  provide  optional  packages  which  provide various support for
     SNMP.  These  packages  are  not installed by default, nor are they
     currently  provided  as  an  install option by the operating system
     installation tools. A system administrator/end-user has to manually
     install this with our package management tools. These SNMP packages
     include:
          + netsaint-plugin-snmp-1.2.8.4  (SNMP  monitoring  plug-in  for
            netsaint)
          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
          + p5-SNMP-3.1.0  (Perl5  module for interfacing to the UCD SNMP
            library)
          + p5-SNMP_Session-0.83   (perl5  module  providing  rudimentary
            access to remote SNMP agents)
          + ucd-snmp-4.2.1  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.1.2)
          + ucd-snmp-4.1.2  (Extensible  SNMP  implementation) (conflicts
            with ucd-snmp-4.2.1)
    
     We    do   provide   a   software   monitoring   mechanism   called
     'audit-packages',  which allows us to highlight if a package with a
     range  of  versions  has  a potential vulnerability, and recommends
     that the end-user upgrade the packages in question.
    

    Netscape Communications Corporation

     Netscape  continues  to be committed to maintaining a high level of
     quality  in  our  software  and  service  offerings.  Part  of this
     commitment  includes  prompt response to security issues discovered
     by organizations such as the CERT Coordination Center. 
     According  to a recent CERT/CC advisory, The Oulu University Secure
     Programming  Group (OUSPG) has reported numerous vulnerabilities in
     multiple  vendor  SNMPv1 implementations. 
     We  have  carefully  examined the reported findings, performing the
     tests  suggested  by the OUSPG to determine whether Netscape server
     products  were  subject to these vulnerabilities. It was determined
     that several products fell into this category. As a result, we have
     created  fixes  which will resolve the issues, and these fixes will
     appear  in  future  releases  of  our  product  line. To Netscape's
     knowledge,  there  are  no known instances of these vulnerabilities
     being exploited and no customers have been affected to date. 
     When such security warnings are issued, Netscape has committed to -
     and will continue to commit to - resolving these issues in a prompt
     and timely fashion, ensuring that our customers receive products of
     the highest quality and security.
    

    NET-SNMP

     All  ucd-snmp  versions  prior  to  4.2.2  are  susceptible  to this
     vulnerability  and  users  of  versions  prior to version 4.2.2 are
     encouraged   to   upgrade   their  software  as  soon  as  possible
     (http://www.net-snmp.org/download/).  Version  4.2.2 and higher are
     not susceptible.
    

    Network Associates

     PGP is not affected, impacted, or otherwise related to this VU#.
    

    Network Computing Technologies

     Network   Computing   Technologies  has  reviewed  the  information
     regarding  SNMP  vulnerabilities and is currently investigating the
     impact to our products.
    

    Nokia

     This  vulnerability  is  known  to affect IPSO versions 3.1.3, 3.3,
     3.3.1,  3.4,  and  3.4.1.   Patches  are  currently  available  for
     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia
     website.   In  addition,  version  3.4.2  shipped  with  the  patch
     incorporated,  and the necessary fix will be included in all future
     releases of IPSO. 
     We  recommend customers install the patch immediately or follow the
     recommended precautions below to avoid any potential exploit. 
     If you are not using SNMP services, including Traps, simply disable
     the   SNMP   daemon   to   completely   eliminate   the   potential
     vulnerability. 
     If   you  are  using  only  SNMP  Traps  and  running  Check  Point
     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP
     messages on all appropriate interfaces. Traps will continue to work
     normally.
    

    Nortel Networks

     The  CERT Coordination Center has issued a broad based alert to the
     technology industry, including Nortel Networks, regarding potential
     security   vulnerabilities   identified   in   the  Simple  Network
     Management  Protocol  (SNMP),  a  common  networking  standard. The
     company   is   working   with  CERT  and  other  network  equipment
     manufacturers, the U.S. Government, service providers, and software
     suppliers to assess and address this issue.
    

    Novell

     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on
     NetWare  are  fixed and will be available through NetWare 6 Support
     Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
     http://support.novell.com/tools/csp/
    

    OpenBSD

     OpenBSD does not ship SNMP code.
    

    Qualcomm

     WorldMail  does  not  support SNMP by default, so customers who run
     unmodified installations are not vulnerable.
    

    Redback Networks, Inc.

     Redback  Networks,  Inc.  has  identified that the vulnerability in
     question  affects  certain versions of AOS software on the SMS 500,
     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate
     steps necessary to correct the issue.
    

    Red Hat

     RedHat has released a security advisiory [sic] at
     http://www.redhat.com/support/errata/RHSA-2001-163.html
     with  updated  versions  of  the ucd-snmp package for all supported
     releases and architectures. For more information or to download the
     update please visit this page.
    

    SGI

     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is
     currently  investigating.  No  further  information is available at
     this time. 
     For  the  protection  of  all our customers, SGI does not disclose,
     discuss  or  confirm vulnerabilities until a full investigation has
     occurred  and  any  necessary  patch(es)  or  release  streams  are
     available  for all vulnerable and supported IRIX operating systems. 
     Until SGI has more definitive information to provide, customers are
     encouraged  to  assume  all security vulnerabilities as exploitable
     and  take  appropriate  steps  according  to  local  site  security
     policies   and   requirements.   As   further  information  becomes
     available,  additional advisories will be issued via the normal SGI
     security  information  distribution  methods  including the wiretap
     mailing list on http://www.sgi.com/support/security/.
    

    SNMP Research International

     SNMP  Research  has  made  the following vendor statement. They are
     likely  to  revise  and  expand  the  statement as the date for the
     public vulnerability announcement draws nearer.   Users  maintaining
     earlier  releases should update to the current release if they have
     not  already  done  so.  Up-to-date  information  is available from
     support@snmp.com. Other Stonesoft's products are
     still   under   investigation.   As   further  information  becomes
     available, additional advisories will be available at
     http://www.stonesoft.com/support/techcenter/
    

    Sun Microsystems, Inc.

     Sun's  SNMP  product,  Solstice  Enterprise Agents (SEA), described
     here:
     http://www.sun.com/solstice/products/ent.agents/
     is  affected  by VU#854306 but not VU#107186. More specifically the
     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. 
     Sun  is  currently  generating  patches  for this issue and will be
     releasing  a  Sun Security Bulletin once the patches are available. 
     The bulletin will be available from:
     http://sunsolve.sun.com/security.  Sun  patches are available from:
     http://sunsolve.sun.com/securitypatch.
    

    Symantec Corporation

     Symantec Corporation has investigated the SNMP issues identified by
     the  OUSPG test suite and determined that Symantec products are not
     susceptable [sic] to these issues.
    

    TANDBERG

     Tandberg  have  run  all  the  testcases found the PROTOS test-suie
     [sic], c06snmpv1:
     1. c06-snmpv1-trap-enc-pr1.jar
     2. c06-snmpv1-treq-app-pr1.jar
     3. c06-snmpv1-trap-enc-pr1.jar
     4. c06-snmpv1-req-app-pr1.jar
     The  tests  were  run with standard delay time between the requests
     (100ms),  but  also  with  a delay of 1ms. The tests applies to all
     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The
     software  tested  on these products were B4.0 (our latest software)
     and no problems were found when running the test suite.
    

    Appendix B. - References

     1. http://www.ee.oulu.fi/research/ouspg/protos/
     2. http://www.kb.cert.org/vuls/id/854306
     3. http://www.kb.cert.org/vuls/id/107186
     4. http://www.cert.org/tech_tips/denial_of_service.html
     5. http://www.ietf.org/rfc/rfc1067.txt
     6. http://www.ietf.org/rfc/rfc1089.txt
     7. http://www.ietf.org/rfc/rfc1140.txt
     8. http://www.ietf.org/rfc/rfc1155.txt
     9. http://www.ietf.org/rfc/rfc1156.txt
     10. http://www.ietf.org/rfc/rfc1215.txt
     11. http://www.ietf.org/rfc/rfc1270.txt
     12. http://www.ietf.org/rfc/rfc1352.txt

    Appendix C. - Background Information

     Background Information on the OUSPG
    
       OUSPG  is an academic research group located at Oulu University in
       Finland.  The  purpose  of this research group is to test software
       for vulnerabilities. 
       History  has  shown  that  the  techniques  used by the OUSPG have
       discovered a large number of previously undetected problems in the
       products  and  protocols  they  have  tested.  In  2001, the OUSPG
       produced a comprehensive test suite for evaluating implementations
       of  the  Lightweight  Directory  Access Protocol (LDAP). This test
       suite  was  developed with the strategy of abusing the protocol in
       unsupported  and  unexpected  ways,  and  it was very effective in
       uncovering  a  wide  variety  of  vulnerabilities  across  several
       products.  This approach can reveal vulnerabilities that would not
       manifest themselves under normal conditions. 
       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to
       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began
       testing   a   selection   of  products,  and  found  a  number  of
       vulnerabilities.  Because  OUSPG's  work  on  LDAP  was similar in
       procedure  to its current work on SNMP, you may wish to review the
       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined
       results of application of the test suite. 
       In order to test the security of protocols like SNMPv1, the PROTOS
       project  presents  a  server with a wide variety of sample packets
       containing  unexpected  values  or  illegally formatted data. As a
       member of the PROTOS project consortium, the OUSPG used the PROTOS
       c06-snmpv1  test  suite  to  study  several implementations of the
       SNMPv1  protocol.
    
     Background Information on the Simple Network Management Protocol
    
       The  Simple Network Management Protocol (SNMP) is the most popular
       protocol  in use to manage networked devices. SNMP was designed in
       the late 80's to facilitate the exchange of management information
       between  networked  devices, operating at the application layer of
       the  ISO/OSI  model.  The SNMP protocol enables network and system
       administrators  to  remotely  monitor and configure devices on the
       network  (devices  such  as  switches  and  routers). Software and
       firmware products designed for networks often make use of the SNMP
       protocol.  SNMP  runs  on  a  multitude  of  devices and operating
       systems, including, but not limited to,
          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and
            Wireless Network Access Points)
          + Operating Systems
          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL
            Modems)
          + Consumer Electronic Devices (Cameras and Image Scanners)
          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX
            Machines)
          + Network and Systems Management/Diagnostic Frameworks (Network
            Sniffers and Network Analyzers)
          + Uninterruptible Power Supplies (UPS)
          + Networked Medical Equipment (Imaging Units and Oscilloscopes)
          + Manufacturing and Processing Equipment
       The  SNMP  protocol  is  formally defined in RFC1157. Quoting from
       that RFC:
    
                Implicit  in the SNMP architectural model is a collection
                of  network  management  stations  and  network elements. 
                Network    management    stations    execute   management
                applications  which monitor and control network elements. 
                Network  elements  are  devices  such as hosts, gateways,
                terminal  servers,  and  the  like, which have management
                agents  responsible for performing the network management
                functions  requested  by the network management stations. 
                The  Simple Network Management Protocol (SNMP) is used to
                communicate  management  information  between the network
                management   stations  and  the  agents  in  the  network
                elements.
    
       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC
       documents:
          + RFC 3000 Internet Official Protocol Standards
          + RFC 1212 Concise MIB Definitions
          + RFC  1213  Management Information Base for Network Management
            of TCP/IP-based Internets: MIB-II
          + RFC  1215  A  Convention  for Defining Traps for use with the
            SNMP
          + RFC 1270 SNMP Communications Services
          + RFC  2570  Introduction to Version 3 of the Internet-standard
            Network Management Framework
          + RFC  2571  An  Architecture  for  Describing  SNMP Management
            Frameworks
          + RFC  2572  Message  Processing and Dispatching for the Simple
            Network Management Protocol (SNMP)
          + RFC 2573 SNMP Applications
          + RFC 2574 User-based Security Model (USM) for version 3 of the
            Simple Network Management Protocol (SNMPv3)
          + RFC  2575  View-based  Access  Control  Model  (VACM) for the
            Simple Network Management Protocol (SNMP)
          + RFC  2576  Coexistence  between  Version  1,  Version  2, and
            Version   3   of  the  Internet-standard  Network  Management
            Framework
         _____________________________________________________________
    
       The  CERT  Coordination  Center  thanks the Oulu University Secure
       Programming  Group  for reporting these vulnerabilities to us, for
       providing  detailed  technical  analyses,  and for assisting us in
       preparing  this  advisory.  We also thank Steven M. Bellovin (AT&T
       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),
       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who
       contributed to this document. 
         _____________________________________________________________
    
       Feedback  on  this document can be directed to the authors, Ian A. 
       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. 
       Householder, Marty Lindner, and Art Manion. 
       __________________________________________________________________
    
       This document is available from:
       http://www.cert.org/advisories/CA-2002-03.html
       __________________________________________________________________
    
       CERT/CC Contact Information
    
        Email: cert@cert.org
        Phone: +1 412-268-7090 (24-hour hotline)
        Fax: +1 412-268-6989
        Postal address:
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        U.S.A.
    
       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /
       EDT(GMT-4) Monday through Friday; they are on call for emergencies
       during other hours, on U.S. holidays, and on weekends.
    
       Using encryption
       We  strongly  urge  you  to  encrypt sensitive information sent by
       email. Our public PGP key is available from
        http://www.cert.org/CERT_PGP.key
       If  you  prefer  to use DES, please call the CERT hotline for more
       information.
    
       Getting  security information
       CERT publications and other security information are available
       from our web site
        http://www.cert.org/
       To   subscribe  to  the  CERT  mailing  list  for  advisories  and
       bulletins, send email to majordomo@cert.org. Please include in the
       body of your message
    
         subscribe cert-advisory
    
       * "CERT" and "CERT Coordination Center" are registered in the U.S. 
       Patent and Trademark Office. 
       __________________________________________________________________
    
       NO WARRANTY
       Any  material  furnished  by  Carnegie  Mellon  University and the
       Software  Engineering  Institute is furnished on an "as is" basis. 
       Carnegie Mellon University makes no warranties of any kind, either
       expressed  or  implied as to any matter including, but not limited
       to,   warranty   of   fitness   for   a   particular   purpose  or
       merchantability,  exclusivity  or results obtained from use of the
       material. Carnegie Mellon University does not make any warranty of
       any  kind  with  respect  to  freedom  from  patent, trademark, or
       copyright infringement. 
         _____________________________________________________________
    
       Conditions for use, disclaimers, and sponsorship information
       Copyright 2002 Carnegie Mellon University.
    

    Revision History

       February 12, 2002: Initial release
    


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200205-0149",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ios 12.0",
            "scope": "ne",
            "trust": 5.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1",
            "scope": "ne",
            "trust": 3.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "openserver",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "caldera",
            "version": "5.0.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "3com",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "american power conversion",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "aprisma",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bea",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "bmc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cnt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "comtek services",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cscare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "carrier access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "compaq computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "computer associates",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "concord",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dart",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "digital",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "entrada",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "equinox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "fluke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "general datacomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hirschmann",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "iplanet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "itouch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "infovista",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "inktomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "innerdive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "ipswitch",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "karlnet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lantronix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "larscom incorporated",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mg soft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "marconi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mercury interactive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "metrobility optical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "micromuse",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "monfox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "multinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net snmp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network harmoni",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nbase xyplex",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscout",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netsilicon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "netscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "network appliance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "novell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "openwave",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "optical access",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "perle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "powerware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "radware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "redback",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "riverstone",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "snmp research",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sniffer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonicwall",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sonus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "the sco group sco unix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "tivoli",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "toshiba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "unisphere",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vertical",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vina",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "wind river",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "world wide packets",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "xerox",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "e security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "net com",
            "version": null
          },
          {
            "model": "ios 12.2",
            "scope": "ne",
            "trust": 1.5,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "cisco",
            "version": "30002.5.2"
          },
          {
            "model": "ios 12.0 xe",
            "scope": null,
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 dc2",
            "scope": "ne",
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s6",
            "scope": "ne",
            "trust": 0.9,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nudesign team",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "outback resource group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "veritas",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bintec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "interniche",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ncipher corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netscreen",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "5.0"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "4.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "3.0.1"
          },
          {
            "model": "sunatm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "2.1"
          },
          {
            "model": "ios 12.0 s7",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bx",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s8",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 xe?",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.1"
          },
          {
            "model": "ios 12.0 s1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 wc1",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xu",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db1",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e3",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 db2",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "30003.0.3"
          },
          {
            "model": "ios 12.1 ex",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "sunnet manager sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.3"
          },
          {
            "model": "sunnet manager intel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.3"
          },
          {
            "model": "sunmc rr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0"
          },
          {
            "model": "sunmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "3.0"
          },
          {
            "model": "sunmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.1.1"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.5"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.4"
          },
          {
            "model": "enterprise server ssp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "100003.3"
          },
          {
            "model": "research mid-level manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "research enterpol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "research dr-web manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snmp",
            "version": "15.3"
          },
          {
            "model": "emulex 1gbit fibrechannel hub",
            "scope": null,
            "trust": 0.3,
            "vendor": "sgi",
            "version": null
          },
          {
            "model": "brocade",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6.0"
          },
          {
            "model": "networks aos",
            "scope": null,
            "trust": 0.3,
            "vendor": "redback",
            "version": null
          },
          {
            "model": "realplayer intranet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "realnetworks",
            "version": "5.0"
          },
          {
            "model": "software tcpware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "5.5"
          },
          {
            "model": "software multinet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "process",
            "version": "4.4"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.5"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.0"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.1"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "5.0"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.11"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.2"
          },
          {
            "model": "netware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "4.0"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4.1"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.3.1"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.3"
          },
          {
            "model": "ipso",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.1.3"
          },
          {
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.2.1"
          },
          {
            "model": "ucd-snmp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.1.1"
          },
          {
            "model": "windows xp professional",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows xp home",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows nt workstation sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt terminal server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp6a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows nt enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "windows 98se",
            "scope": null,
            "trust": 0.3,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "98"
          },
          {
            "model": "windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "95"
          },
          {
            "model": "windows terminal services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows terminal services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows terminal services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows datacenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "windows advanced server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2000"
          },
          {
            "model": "domino snmp agents solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1x86"
          },
          {
            "model": "domino snmp agents solaris sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "model": "domino snmp agents hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "model": "lrs",
            "scope": null,
            "trust": 0.3,
            "vendor": "lantronix",
            "version": null
          },
          {
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "5.1"
          },
          {
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "5.0"
          },
          {
            "model": "solutions router ip console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.406"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.3"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.2"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "model": "secure os software for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.0"
          },
          {
            "model": "procurve switch 8000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4108gl-bundle",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4108gl",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 4000m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2525"
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2524"
          },
          {
            "model": "procurve switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2512"
          },
          {
            "model": "procurve switch 2424m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 2400m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "procurve switch 1600m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ov/sam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.10"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.211.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.210.x"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.111.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.110.x"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "openview network node manager nt 4.x/windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.02000"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.011.x"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.010.20"
          },
          {
            "model": "openview network node manager windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0.23.51/4.0"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.01"
          },
          {
            "model": "openview network node manager solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "model": "openview network node manager hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.11"
          },
          {
            "model": "openview extensible snmp agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "model": "openview emanate snmp agent solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.22.x"
          },
          {
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.211.x"
          },
          {
            "model": "openview emanate snmp agent hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "14.210.20"
          },
          {
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "openview distributed management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.03"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.5"
          },
          {
            "model": "mpe/ix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.0"
          },
          {
            "model": "mc/serviceguard",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.20.00"
          },
          {
            "model": "jetdirect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.00"
          },
          {
            "model": "ito/vpo/ovo unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.04"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.24"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.10"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "model": "ems a.03.20",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ems a.03.10",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "ems a.03.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "gzip",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gnu",
            "version": "3.1.02"
          },
          {
            "model": "services nmserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "comtek",
            "version": "3.4"
          },
          {
            "model": "associates unicenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "computer",
            "version": null
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.1"
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7.1.0"
          },
          {
            "model": "unixware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "7"
          },
          {
            "model": "openunix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "8.0"
          },
          {
            "model": "openserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "caldera",
            "version": "5.0.6"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.14"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.13"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.12"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0.11"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "4.0"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.21"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.19"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.18"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.17"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.16"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.15"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.14"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.13"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.12"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.11"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.20"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.10"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.09"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.08"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.07"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.06"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.05"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.04"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.03"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1.02"
          },
          {
            "model": "cacheos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": "3.1"
          },
          {
            "model": "cacheos",
            "scope": null,
            "trust": 0.3,
            "vendor": "cacheflow",
            "version": null
          },
          {
            "model": "web nms msp edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "web nms",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "snmp utilities",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "snmp api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "mediation server",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "management builder",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "fault management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "configuration management toolkit",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "cli api",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "agent toolkit java/jmx edition",
            "scope": null,
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "agent toolkit c edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "adventnet",
            "version": null
          },
          {
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3000"
          },
          {
            "model": "webcache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1000"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4900"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "4400"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "3300"
          },
          {
            "model": "switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "1100"
          },
          {
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "50"
          },
          {
            "model": "ps hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3com",
            "version": "40"
          },
          {
            "model": "dual speed hub",
            "scope": null,
            "trust": 0.3,
            "vendor": "3com",
            "version": null
          },
          {
            "model": "brocade .0d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "2.6"
          },
          {
            "model": "ipso",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "3.4.2"
          },
          {
            "model": "ucd-snmp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "net snmp",
            "version": "4.2.2"
          },
          {
            "model": "solutions router ip console",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "innerdive",
            "version": "3.3.0.407"
          },
          {
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.21.00"
          },
          {
            "model": "jetdirect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "x.08.32"
          },
          {
            "model": "ios 12.0 wc 2900xl-lre",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4700"
          },
          {
            "model": "ios 12.2 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7"
          },
          {
            "model": "as5850",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1000"
          },
          {
            "model": "ios 12.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ca1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.2"
          },
          {
            "model": "ios 12.0s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1(4.206)"
          },
          {
            "model": "netranger sensor",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yc2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "as5200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vg248 analog phone gateway",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2gs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7750"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(8)"
          },
          {
            "model": "ios 12.0 wt6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5.1"
          },
          {
            "model": "traffic director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "ios 12.1 e5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3"
          },
          {
            "model": "ios 12.0 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ya2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5300",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30002.0"
          },
          {
            "model": "cbos b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 11.1 cc4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 4840g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 aa4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.2"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "39203.0(7)"
          },
          {
            "model": "secure ids network sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ios 12.2 mx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7100"
          },
          {
            "model": "cva120",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst native mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "560"
          },
          {
            "model": "ios 12.1 ea1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2sa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1005"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.015"
          },
          {
            "model": "ios 12.2 mx1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1.200)"
          },
          {
            "model": "bpx/igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12000"
          },
          {
            "model": "content distribution manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4670"
          },
          {
            "model": "ap340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10700"
          },
          {
            "model": "css11000 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.1"
          },
          {
            "model": "ios 12.1 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "distributed director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2501"
          },
          {
            "model": "ios 12.1ec",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(1)"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "model": "ios 12.1 yi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 2948g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6"
          },
          {
            "model": "ios 12.1 ew",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(7.202)"
          },
          {
            "model": "ios 12.2 xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "local director",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2bx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 da1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv5"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232"
          },
          {
            "model": "ios 12.1 ec",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "user registration tool vlan policy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hosting solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(1)"
          },
          {
            "model": "ios 11.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "igx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8240",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2dd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0st",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7010"
          },
          {
            "model": "unity server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst hybrid mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ios 12.0 wc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(1)"
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "snmpc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0.4"
          },
          {
            "model": "ios 12.0 st5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0w5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ios 12.0 sl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst network analysis module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.2"
          },
          {
            "model": "ios 12.2t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 db2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.10"
          },
          {
            "model": "ios 12.1 ey",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "ios 12.0 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ios 12.2s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.10"
          },
          {
            "model": "catalyst msm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "nsp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.1 yd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "info center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "ios 12.0 wx5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 yc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e8",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "arrowpoint cs11000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "secure ids host sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2950"
          },
          {
            "model": "ios 11.1 ct",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr7200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xw",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.3"
          },
          {
            "model": "ios 12.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ia",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8540msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv4"
          },
          {
            "model": "ios 12.1 t12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microswitch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1548"
          },
          {
            "model": "ios 12.1 e12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 sx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.0 st",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst 8510csr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xs1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "bpx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xz7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2920"
          },
          {
            "model": "ios 12.1 ea1b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2p",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xk3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2600"
          },
          {
            "model": "as5800",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1700"
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "507"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7000"
          },
          {
            "model": "ios 12.1 e7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5.1"
          },
          {
            "model": "ios 12.2 t1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1(2)"
          },
          {
            "model": "ios 12.2 xa5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.1"
          },
          {
            "model": "ios 12.1 ew1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ca",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.053"
          },
          {
            "model": "catalyst 2948g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "ios 12.2 mb3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(2)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ios 12.2 t0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.7"
          },
          {
            "model": "ios 12.0 wc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ap350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 dx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sl6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5400",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0sp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3500"
          },
          {
            "model": "ios 12.0 wc2b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1400"
          },
          {
            "model": "ios 12.1 yb5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xn1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.1"
          },
          {
            "model": "ios 12.1 e6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(3)"
          },
          {
            "model": "bts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10200"
          },
          {
            "model": "ios 12.0 sx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.8"
          },
          {
            "model": "ubr900",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.3(2)"
          },
          {
            "model": "ios 12.2 xb4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ios 12.0 t2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xg",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(7)"
          },
          {
            "model": "ios 12.1 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 sa6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "sc2200/vsc3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wan manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "infocenter",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(5)"
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "570"
          },
          {
            "model": "call manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 bc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ex",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8260",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(6)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.1.4"
          },
          {
            "model": "ios 12.1 yi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.0"
          },
          {
            "model": "ios 12.2 xj1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bc1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 12.1 xm7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4430"
          },
          {
            "model": "catalyst supervisor module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ap352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7600"
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "ios 12.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0(7)xv"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(3.210)"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(13)"
          },
          {
            "model": "ios 12.2da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cache engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "505"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0.1"
          },
          {
            "model": "catalyst xl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2900"
          },
          {
            "model": "netranger",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "ios 12.1 ex3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4"
          },
          {
            "model": "ios 12.0sl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "br350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5000"
          },
          {
            "model": "ios 12.2 xt3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4650"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0"
          },
          {
            "model": "ios 12.0 st3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4500"
          },
          {
            "model": "ios 12.2 xw1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 da3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xu2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "ons metro edge optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15327"
          },
          {
            "model": "ios 12.2 xk",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "microhub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1500"
          },
          {
            "model": "ios 12.2 t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 s4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yh3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7320"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "ios 12.0sc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4232-13"
          },
          {
            "model": "ios 11.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "mgx-8220",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "element management framework",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3600"
          },
          {
            "model": "catalyst 4908g-l3",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wgb340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ciscoworks windows/wug",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2(5)"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "model": "ios 12.0 s2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2 gs6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82501.2.11"
          },
          {
            "model": "ios 12.0 xf1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "rsfc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "building broadband service manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "ios 12.1 ec1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1 ia",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ws-x6624",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea2a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yd6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vpn concentrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30003.5"
          },
          {
            "model": "ios 11.1 ca2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "icdn software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "secure pix firewall",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7500"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3200"
          },
          {
            "model": "ios 12.2 xi1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "82301.2.11"
          },
          {
            "model": "switchprobe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "wgb352",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cat6k nam",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "br340",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xf5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "fasthub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4001.0"
          },
          {
            "model": "ios 12.2 xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1"
          },
          {
            "model": "ios 12.1 ea2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2mb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rsm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "nrp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6400"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.6"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.4"
          },
          {
            "model": "ws-x6608",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1600"
          },
          {
            "model": "ios 12.1 xz",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xl4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xs?",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.9"
          },
          {
            "model": "catalyst 8510msr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2500"
          },
          {
            "model": "ios 12.2 ya1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "service expansion shelf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 s",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst msfc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3"
          },
          {
            "model": "ios 12.0 xe1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "iad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8110"
          },
          {
            "model": "ios 12.1 ex4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 xe2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4000"
          },
          {
            "model": "ios 12.1 e9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "ios 11.1ct",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3(3)"
          },
          {
            "model": "ios 12.1 xp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7300"
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3550"
          },
          {
            "model": "ios 12.1t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mgx-8850 r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xd3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ea1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "internet cdn content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "590"
          },
          {
            "model": "ciscoworks windows",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 aa",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.2 xk2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "esr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10000"
          },
          {
            "model": "ls1010 atm switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 dc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.7.002"
          },
          {
            "model": "content router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4450"
          },
          {
            "model": "ios 12.1 xi8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "catalyst",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3900"
          },
          {
            "model": "ios 11.3 db1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "800"
          },
          {
            "model": "mc3810",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 by",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "as5350",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1cc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xj",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7200"
          },
          {
            "model": "content delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4630"
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.4(4)"
          },
          {
            "model": "catalyst 4912g",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "intelligent contact manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "cbos ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4.2"
          },
          {
            "model": "ios 12.0dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          },
          {
            "model": "ios 12.2 xl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ubr10000",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "pix firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0(2)"
          },
          {
            "model": "ios 12.2 xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cbos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by the Oulu University Secure Programming Group.",
        "sources": [
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-1999-1570",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-1999-1570",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-1999-1570",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#107186",
                "trust": 0.8,
                "value": "69.26"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#854306",
                "trust": 0.8,
                "value": "42.64"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200205-001",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below.  It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition.  If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems.  They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations.  The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems.  These depend on the individual vulnerabilities in each affected product.  A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance.  The affected device may reset, or require a manual reset to regain functionality. 
\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n   Original release date: February 12, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n   Products  from  a  very  wide  variety of vendors may be affected. See\n   Vendor Information for details from vendors who have provided feedback\n   for this advisory. \n\n   In  addition to the vendors who provided feedback for this advisory, a\n   list  of  vendors  whom  CERT/CC contacted regarding these problems is\n   available from\n   http://www.kb.cert.org/vuls/id/854306\n   http://www.kb.cert.org/vuls/id/107186 \n\n   Many  other systems making use of SNMP may also be vulnerable but were\n   not specifically tested. \n\n   In addition to this advisory, we also have an FAQ available at\n   http://www.cert.org/tech_tips/snmp_faq.html\n\nI. Description\n\n   The  Simple  Network  Management  Protocol (SNMP) is a widely deployed\n   protocol  that is commonly used to monitor and manage network devices. \n   Version  1  of  the  protocol  (SNMPv1)  defines several types of SNMP\n   messages  that  are  used  to  request  information  or  configuration\n   changes,  respond  to  requests,  enumerate  SNMP  objects,  and  send\n   unsolicited  alerts.  The  Oulu  University  Secure  Programming Group\n   (OUSPG,  http://www.ee.oulu.fi/research/ouspg/)  has reported numerous\n   vulnerabilities in SNMPv1 implementations from many different vendors. \n   More information about SNMP and OUSPG can be found in Appendix C\n\n   OUSPG\u0027s  research  focused  on  the  manner in which SNMPv1 agents and\n   managers  handle  request  and  trap  messages. A trap message\n     may  indicate  a warning or error condition or otherwise notify the\n     manager about the agent\u0027s state. 
Request\n     messages  might be issued to obtain information from an agent or to\n     instruct  the  agent to configure the host device. \n\n   Vulnerabilities  in  the  decoding  and  subsequent processing of SNMP\n   messages  by  both managers and agents may result in denial-of-service\n   conditions,  format string vulnerabilities, and buffer overflows. Some\n   vulnerabilities  do  not  require  the SNMP message to use the correct\n   SNMP community string. \n\n   These   vulnerabilities   have   been  assigned  the  CVE  identifiers\n   CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII. \n\nIII. Solution\n\n   Note  that  many  of  the  mitigation steps recommended below may have\n   significant  impact on your everyday network operations and/or network\n   architecture.  Ensure  that  any  changes  made based on the following\n   recommendations  will  not  unacceptably  affect  your ongoing network\n   operations capability. \n\nApply a patch from your vendor\n\n   Appendix A contains information provided by vendors for this advisory. \n   Please  consult this appendix to determine if you need to contact your\n   vendor directly. \n\nDisable the SNMP service\n\n   As  a  general  rule,  the CERT/CC recommends disabling any service or\n   capability   that   is   not   explicitly  required,  including  SNMP. \n   Unfortunately,  some  of  the  affected  products exhibited unexpected\n   behavior  or  denial  of  service conditions when exposed to the OUSPG\n   test  suite  even  if  SNMP was not enabled. In these cases, disabling\n   SNMP should be used in conjunction with the filtering practices listed\n   below to provide additional protection. \n\nIngress filtering\n\n   As a temporary measure, it may be possible to limit the scope of these\n   vulnerabilities  by  blocking  access  to SNMP services at the network\n   perimeter. \n\n   Ingress  filtering  manages the flow of traffic as it enters a network\n   under  your  administrative  control.  
   Servers are typically the only
   machines that need to accept inbound traffic from the public Internet.
   In the network usage policy of many sites, there are few reasons for
   external hosts to initiate inbound traffic to machines that provide no
   public services. Thus, ingress filtering should be performed at the
   border to prohibit externally initiated inbound traffic to
   non-authorized services. For SNMP, ingress filtering of the following
   ports can prevent attackers outside of your network from impacting
   vulnerable devices in the local network that are not explicitly
   authorized to provide public SNMP services.

   snmp     161/udp     # Simple Network Management Protocol (SNMP)
   snmp     162/udp     # SNMP system management messages

   The following services are less common, but may be used on some
   affected products

   snmp               161/tcp     # Simple Network Management Protocol (SNMP)
   snmp               162/tcp     # SNMP system management messages
   smux               199/tcp     # SNMP Unix Multiplexer
   smux               199/udp     # SNMP Unix Multiplexer
   synoptics-relay    391/tcp     # SynOptics SNMP Relay Port
   synoptics-relay    391/udp     # SynOptics SNMP Relay Port
   agentx             705/tcp     # AgentX
   snmp-tcp-port     1993/tcp     # cisco SNMP TCP port
   snmp-tcp-port     1993/udp     # cisco SNMP TCP port

   As noted above, you should carefully consider the impact of blocking
   services that you may be using.

   It is important to note that in many SNMP implementations, the SNMP
   daemon may bind to all IP interfaces on the device. This has important
   consequences when considering appropriate packet filtering measures
   required to protect an SNMP-enabled device.
   For example, even if a
   device disallows SNMP packets directed to the IP addresses of its
   normal network interfaces, it may still be possible to exploit these
   vulnerabilities on that device through the use of packets directed at
   the following IP addresses:
     * "all-ones" broadcast address
     * subnet broadcast address
     * any internal loopback addresses (commonly used in routers for
       management purposes, not to be confused with the IP stack loopback
       address 127.0.0.1)

   Careful consideration should be given to addresses of the types
   mentioned above by sites planning for packet filtering as part of
   their mitigation strategy for these vulnerabilities.

   Finally, sites may wish to block access to the following RPC services
   related to SNMP (listed as name, program ID, alternate names)

   snmp               100122  na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk
   snmpv2             100138  na.snmpv2     # SNM Version 2.2.2
   snmpXdmid          100249

   Please note that this workaround may not protect vulnerable devices
   from internal attacks.

Filter SNMP traffic from non-authorized internal hosts

   In many networks, only a limited number of network management systems
   need to originate SNMP request messages. This can reduce, but not
   wholly eliminate, the
   risk from internal attacks. However, it may have detrimental effects
   on network performance due to the increased load imposed by the
   filtering, so careful consideration is required before implementation.
   Similar caveats to the previous workaround regarding broadcast and
   loopback addresses apply.

Change default community strings

   Most SNMP-enabled products ship with default community strings of
   "public" for read-only access and "private" for read-write access.
   As with any known default access control mechanism, the CERT/CC
   recommends that network administrators change these community strings
   to something of their own choosing. However, even when community
   strings are changed from their defaults, they will still be passed in
   plaintext and are therefore subject to packet sniffing attacks. SNMPv3
   offers additional capabilities to ensure authentication and privacy as
   described in RFC2574.

   Because many of the vulnerabilities identified in this advisory occur
   before the community strings are evaluated, it is important to note
   that performing this step alone is not sufficient to mitigate the
   impact of these vulnerabilities. Nonetheless, it should be performed
   as part of good security practice.

Segregate SNMP traffic onto a separate management network

   In situations where blocking or disabling SNMP is not possible,
   exposure to these vulnerabilities may be limited by restricting all
   SNMP access to separate, isolated management networks that are not
   publicly accessible. Although this would ideally involve physically
   separate networks, that kind of separation is probably not feasible in
   most environments. Mechanisms such as virtual LANs (VLANs) may be used
   to help segregate traffic on the same physical network. Note that
   VLANs may not strictly prevent an attacker from exploiting these
   vulnerabilities, but they may make it more difficult to initiate the
   attacks.

   Another option is for sites to restrict SNMP traffic to separate
   virtual private networks (VPNs), which employ cryptographically strong
   authentication.

   Note that these solutions may require extensive changes to a site's
   network architecture.

Egress filtering

   Egress filtering manages the flow of traffic as it leaves a network
   under your administrative control.
   There is typically limited need for
   machines providing public services to initiate outbound traffic to the
   Internet. In the case of SNMP vulnerabilities, employing egress
   filtering on the ports listed above at your network border can prevent
   your network from being used as a source for attacks on other sites.

Disable stack execution

   Disabling executable stacks (on systems where this is configurable)
   can reduce the risk of "stack smashing" attacks based on these
   vulnerabilities. Although this does not provide 100 percent protection
   against exploitation of these vulnerabilities, it makes the likelihood
   of a successful exploit much smaller. On many UNIX systems, executable
   stacks can be disabled by adding the following lines to /etc/system:

   set noexec_user_stack = 1
   set noexec_user_stack_log = 1

   Note that this may go against the SPARC and Intel ABIs and can be
   bypassed as required in programs with mprotect(2). For the changes to
   take effect you will then need to reboot.

   Other operating systems and architectures also support the disabling
   of executable stacks either through native configuration parameters or
   via third-party software. Consult your vendor(s) for additional
   information.

Share tools and techniques

   Because dealing with these vulnerabilities to systems and networks is
   so complex, the CERT/CC will provide a forum where administrators can
   share ideas and techniques that can be used to develop proper
   defenses. We have created an unmoderated mailing list for system and
   network administrators to discuss helpful techniques and tools.

   You can subscribe to the mailing list by sending an email message to
   majordomo@cert.org.
   In the body of the message, type

   subscribe snmp-forum

   After you receive the confirmation message, follow the instructions in
   the message to complete the subscription process.

Appendix A. - Vendor Information

   This appendix contains information provided by vendors for this
   advisory. As vendors report new information to the CERT/CC, we will
   update this section and note the changes in our revision history. If a
   particular vendor is not listed below, we have not received their
   comments.

AdventNet

     This is in reference to your notification regarding [VU#107186 and
     VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this
     behavior in their products and coded a Service Pack fix which is
     currently in regression testing in AdventNet Inc.'s Q.A.
     organization. The release of AdventNet Inc's. Service Pack
     correcting the behavior outlined in VU#617947, and OUSPG#0100 is
     scheduled to be generally available to all of AdventNet Inc.'s
     customers by February 20, 2002.

Avaya

     Avaya Inc. No further information is available at this time.

CacheFlow

     The purpose of this email is to advise you that CacheFlow Inc. has
     provided a software update. Please be advised that updated versions
     of the software are now available for all supported CacheFlow
     hardware platforms, and may be obtained by CacheFlow customers at
     the following URL:

          http://download.cacheflow.com/

     The specific reference to the software update is contained within the
     Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15
     Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.

     RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:
     * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm

     RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:
     * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm
     * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm

     * SR 1-1647517, VI 13045: This update modified a potential
       vulnerability by using an SNMP test tools exploit.

3Com Corporation

     A vulnerability to an SNMP packet with an invalid length community
     string has been resolved in the following products. Customers
     concerned about this weakness should ensure that they upgrade to
     the following agent versions:

     PS Hub 40            2.16 is due Feb 2002
     PS Hub 50            2.16 is due Feb 2002
     Dual Speed Hub       2.16 is due Jan 2002
     Switch 1100/3300     2.68 is available now
     Switch 4400          2.02 is available now
     Switch 4900          2.04 is available now
     WebCache1000/3000    2.00 is due Jan 2002

Caldera

     Caldera International, Inc. has reproduced faulty behavior in
     Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
     8. We have coded a software fix for supported versions of Caldera
     UnixWare 7 and Caldera Open UNIX 8 that will be available from
     our support site at http://stage.caldera.com/support/security
     immediately following the publication of this CERT announcement. A
     fix for supported versions of OpenServer 5 will be available at a
     later date.

Cisco Systems

     Cisco Systems is addressing the vulnerabilities identified by
     VU#854306 and VU#107186 across its entire product line. Cisco will
     publish a security advisory with further details at
     http://www.cisco.com/go/psirt/.

Compaq Computer Corporation

     x-ref: SSRT0779U SNMP
     At the time of writing this document, COMPAQ continues to evaluate
     this potential problem and when new versions of SNMP are available,
     COMPAQ will implement solutions based on the new code. Compaq will
     provide notice of any new patches as a result of that effort
     through standard patch notification procedures and be available
     from your normal Compaq Services support channel.

Computer Associates

     Computer Associates has confirmed Unicenter vulnerability to the
     SNMP advisory identified by CERT notification reference [VU#107186
     & VU#854306] and OUSPG#0100. We have produced corrective
     maintenance to address these vulnerabilities, which is in the
     process of publication for all applicable releases / platforms and
     will be offered through the CA Support site. Please contact our
     Technical Support organization for information regarding
     availability / applicability for your specific configuration(s).

COMTEK Services, Inc.

     NMServer for AS/400 is not an SNMP master and is therefore not
     vulnerable. However this product requires the use of the AS/400
     SNMP master agent supplied by IBM.

     NMServer for OpenVMS has been tested and has shown to be
     vulnerable. COMTEK Services is preparing a new release of this
     product (version 3.5) which will contain a fix for this problem.
     This new release is scheduled to be available in February 2002.
     Contact COMTEK Services for further information.

     NMServer for VOS has not as yet been tested; vulnerability of this
     agent is unknown. Contact for further information on the testing
     schedule of the VOS product.

Covalent Technologies

     Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
     and Conductor SNMP module are not vulnerable according to testing
     performed in accordance with CERT recommendations. Security
     information for Covalent products can be found at www.covalent.net

Dartware, LLC

     Dartware, LLC (www.dartware.com) supplies two products that use
     SNMPv1 in a manager role, InterMapper and SNMP Watcher. This
     statement applies to all present
     and past versions of these two software packages.

DMH Software

     DMH Software is in the process of evaluating and attempting to
     reproduce this behavior.
     It is unclear at this point if our snmp-agent is sensitive to the
     tests described above.
     If any problems will be discovered, DMH Software will code a
     software fix.
     The release of DMH Software OS correcting the behavior outlined in
     VU#854306, VU#107186, and OUSPG#0100 will be generally available to
     all of DMH Software's customers as soon as possible.

EnGarde Secure Linux

     EnGarde Secure Linux did not ship any SNMP packages in version
     1.0.1 of our distribution, so we are not vulnerable to either bug.

FreeBSD

     FreeBSD does not include any SNMP software by default, and so is
     not vulnerable. However, the FreeBSD Ports Collection contains the
     UCD-SNMP / NET-SNMP package. Package versions prior to
     ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release
     will ship the corrected version of the UCD-SNMP / NET-SNMP
     package. In addition, the corrected version of the packages is
     available from the FreeBSD mirrors.

     FreeBSD has issued the following FreeBSD Security Advisory
     regarding the UCD-SNMP / NET-SNMP package:
     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.snmp.asc.

Hewlett-Packard Company

     SUMMARY - known vulnerable:
     ========================================
     hp procurve switch 2524
     NNM (Network Node Manager)
     JetDirect Firmware (Older versions only)
     HP-UX Systems running snmpd or OPENVIEW
     MC/ServiceGuard
     EMS
     Still under investigation:
     SNMP/iX (MPE/iX)
     ========================================
     _________________________________________________________
     ---------------------------------------------------------
     hp procurve switch 2524
     ---------------------------------------------------------
     hp procurve switch 2525 (product J4813A) is vulnerable to some
     issues, patches in process. Watch for the associated HP
     Security Bulletin.
     ---------------------------------------------------------
     NNM (Network Node Manager)
     ---------------------------------------------------------
     Some problems were found in NNM product were related to
     trap handling. Patches in process. Watch for the
     associated HP Security Bulletin.
     ---------------------------------------------------------
     JetDirect Firmware (Older versions only)
     ---------------------------------------------------------
     ONLY some older versions of JetDirect Firmware are
     vulnerable to some of the issues. The older firmware
     can be upgraded in most cases, see list below.
     JetDirect Firmware Version    State
     ==========================    =====
        X.08.32 and higher     NOT Vulnerable
        X.21.00 and higher     NOT Vulnerable
     JetDirect Product Numbers that can be freely
     upgraded to X.08.32 or X.21.00 or higher firmware.
     EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
     J3110A 10T
     J3111A 10T/10B2/LocalTalk
     J3112A Token Ring (discontinued)
     J3113A 10/100 (discontinued)
     J4169A 10/100
     J4167A Token Ring
     MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
     J2550A/B 10T (discontinued)
     J2552A/B 10T/10Base2/LocalTalk (discontinued)
     J2555A/B Token Ring (discontinued)
     J4100A 10/100
     J4105A Token Ring
     J4106A 10T
     External Print Servers
     J2591A EX+ (discontinued)
     J2593A EX+3 10T/10B2 (discontinued)
     J2594A EX+3 Token Ring (discontinued)
     J3263A 300X 10/100
     J3264A 500X Token Ring
     J3265A 500X 10/100
     ----------------------------------------------------------
     HP-UX Systems running snmpd or OPENVIEW
     ----------------------------------------------------------
     The following patches are available now:
       PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
       PHSS_26138 s700_800 11.X  OV EMANATE14.2 Agent Consolidated Patch
       PSOV_03087 EMANATE Release 14.2 Solaris 2.X  Agent Consolidated Patch
     All three patches are available from:
     http://support.openview.hp.com/cpe/patches/
     In addition PHSS_26137 and PHSS_26138 will soon be available from:
     http://itrc.hp.com
     ================================================================
     NOTE: The patches are labeled OV(Open View). However, the patches
     are also applicable to systems that are not running Open View.
     =================================================================
     Any HP-UX 10.X or 11.X system running snmpd or snmpdm is
     vulnerable.
     To determine if your HP-UX system has snmpd or snmpdm installed:
       swlist -l file | grep snmpd
     If a patch is not available for your platform or you cannot install
     an available patch, snmpd and snmpdm can be disabled by removing
     their entries from /etc/services and removing the execute permissions
     from /usr/sbin/snmpd and /usr/sbin/snmpdm.
     ----------------------------------------------------------------
     Investigation completed, systems vulnerable.
     ----------------------------------------------------------------
     MC/ServiceGuard
     Event Monitoring System (EMS)
     ----------------------------------------------------------------
       Still under investigation:
     ----------------------------------------------------------------
     SNMP/iX (MPE/iX)

Hirschmann Electronics GmbH & Co. KG

     Hirschmann Electronics GmbH & Co. KG supplies a broad range of
     networking products, some of which are affected by the SNMP
     vulnerabilities identified by CERT Coordination Center. Hirschmann
     customers may contact our Competence
     Center (phone +49-7127-14-1538, email:
     ans-support@nt.hirschmann.de) for additional information,
     especially regarding availability of latest firmware releases
     addressing the SNMP vulnerabilities.

IBM Corporation

     Based upon the results of running the test suites we have
     determined that our version of SNMP shipped with AIX is NOT
     vulnerable.

Innerdive Solutions, LLC

     Innerdive Solutions, LLC has two SNMP based products:
     1. The "SNMP MIB Scout"
        (http://www.innerdive.com/products/mibscout/)
     2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
     The "SNMP MIB Scout" is not vulnerable to either bug.
     The "Router IP Console" releases prior to 3.3.0.407 are vulnerable.
     The release of "Router IP Console" correcting the behavior outlined
     in OUSPG#0100 is 3.3.0.407 and is already available on our site.
     Also, we will notify all our customers about this new release no
     later than March 5, 2002.

Juniper Networks

     This is in reference to your notification regarding CAN-2002-0012
     and CAN-2002-0013. Juniper Networks has reproduced this behavior
     and coded a software fix. The fix will be included in all releases
     of JUNOS Internet software built after January 5, 2002. Customers
     with current support contracts can download new software with the
     fix from Juniper's web site at www.juniper.net.
     Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
     only be reproduced in JUNOS Internet software if certain tracing
     options are enabled. These options are generally not enabled in
     production routers.

Lantronix, Inc.

     Lantronix is committed to resolving security issues with our
     products. The SNMP security bug you reported has been fixed in LRS
     firmware version B1.3/611(020123).

Lotus Development Corporation

     Lotus Software evaluated the Lotus Domino Server for
     vulnerabilities using the test suite materials provided by OUSPG.
     This problem does not affect default installations of the Domino
     Server. However, SNMP agents can be installed from the CD to
     provide SNMP services for the Domino Server (these are located in
     the /apps/sysmgmt/agents directory). The optional platform
     specific master and encapsulator agents included with the Lotus
     Domino SNMP Agents for HP-UX and Solaris have been found to be
     vulnerable.
     For those platforms, customers should upgrade to
     version R5.0.1a of the Lotus Domino SNMP Agents, available for
     download from the Lotus Knowledge Base on the IBM Support Web Site
     (http://www.ibm.com/software/lotus/support/). Please refer to
     Document #191059, "Lotus Domino SNMP Agents R5.0.1a", also in the
     Lotus Knowledge Base, for more details.

LOGEC Systems Inc

     The products from LOGEC Systems are exposed to SNMP only via HP
     OpenView. We do not have an implementation of SNMP ourselves. As
     such, there is nothing in our products that would be an issue with
     this alert.

Lucent

     Lucent is aware of reports that there is a vulnerability in certain
     implementations of the SNMP (Simple Network Management Protocol)
     code that is used in data switches and other hardware throughout
     the telecom industry.
     As soon as we were notified by CERT, we began assessing our product
     portfolio and notifying customers with products that might be
     affected.
     Our 5ESS switch and most of our optical portfolio were not
     affected. Our core and edge ATM switches and most of our edge
     access products are affected, but we have developed, tested, and
     deployed fixes for many of those products to our customers.
     We consider the security and reliability of our customers' networks
     to be one of our critical measures of success. We take every
     reasonable measure to ensure their satisfaction.
     In addition, we are working with customers on ways to further
     enhance the security they have in place today.

Marconi

     Marconi supplies a broad range of telecommunications and related
     products, some of which are affected by the SNMP vulnerabilities
     identified here.
     Those Marconi customers with support entitlement may contact the
     appropriate Technical Assistance Center (TAC) for additional
     information. Those not under support entitlement may contact their
     sales representative.

Microsoft Corporation

     The Microsoft Security Reponse [sic] Center has investigated this
     issue, and provides the following information. The SNMP v1 service
     is not installed or running by
     default on any version of Windows. A patch is underway to eliminate
     the vulnerability. In the meantime, we recommend that affected
     customers disable the SNMP v1 service.

     Details:
     An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE.
     It is not installed or running by default on any of these
     platforms. An SNMP v1 is NOT provided for Windows ME. However, it
     is possible that Windows 98 machines which had the service
     installed and were upgraded would still have the service. Since
     SNMP is not supported for WinME, customers in this situation are
     urged to remove the SNMP service.
     An SNMP v1 service is available on Windows NT 4.0 (including
     Terminal Server Edition) and Windows 2000 but is not installed or
     running by default on any of these platforms. Windows XP does not
     ship with an SNMP v1 service.

     Remediation:
     A patch is underway for the affected platforms, and will be
     released shortly. In the meantime, Microsoft recommends that
     customers who have the SNMP v1 service running disable it to
     protect their systems. Following are instruction for doing this:

     Windows 95, 98 and 98SE:
     1. In Control Panel, double-click Network.
     2. On the Configuration tab, select Microsoft SNMP Agent from the
        list of installed components.
     3. Click Remove

     Check the following keys and confirm that snmp.exe is not listed.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

     For Windows XP:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Location SNMP on the list of services, then select it and click
        Stop.
     4. Select Startup, and click Disabled.
     5. Click OK to close the dialoge [sic], then close the Computer
        Management window.

     For Windows NT 4.0 (including Terminal Server Edition):
     1. Select Start, then Settings.
     2. Select Control Panel, then click on the Services Icon
     3. Locate SNMP on the list of services, then select it and click
        Stop.
     4. Select Startup, and click Disabled.
     5. Click OK to close the dialoge [sic], then close Control Panel

     Windows 2000:
     1. Right-click on My Computer and select Manage
     2. Click on Services and Applications, then on Services
     3. Location SNMP on the list of services, then select it and click
        Stop.
     4. Select Startup, and click Disabled.
     5. Click OK to close the dialoge [sic], then close the Computer
        Management window.

Multinet

     MultiNet and TCPware customers should contact Process Software to
     check for the availability of patches for this issue. A couple of
     minor problems were found and fixed, but there is no security risk
     related to the SNMP code included with either product.

Netaphor

     NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
     Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,
     two Java based products that may be affected by the SNMP
     vulnerabilities identified here.
     The manner in which they are
     affected and the actions required (if any) to avoid being impacted
     by exploitation of these vulnerabilities, may be obtained by
     contacting Netaphor via email at info@netaphor.com Customers with
     annual support may contact support@netaphor.com directly. Those not
     under support entitlement may contact Netaphor sales:
     sales@netaphor.com or (949) 470 7955 in USA.

NetBSD

     NetBSD does not ship with any SNMP tools in our 'base' releases. We
     do provide optional packages which provide various support for
     SNMP. These packages are not installed by default, nor are they
     currently provided as an install option by the operating system
     installation tools. A system administrator/end-user has to manually
     install this with our package management tools. These SNMP packages
     include:
          + netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for
            netsaint)
          + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
          + p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP
            library)
          + p5-SNMP_Session-0.83 (perl5 module providing rudimentary
            access to remote SNMP agents)
          + ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts
            with ucd-snmp-4.1.2)
          + ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts
            with ucd-snmp-4.2.1)

     We do provide a software monitoring mechanism called
     'audit-packages', which allows us to highlight if a package with a
     range of versions has a potential vulnerability, and recommends
     that the end-user upgrade the packages in question.

Netscape Communications Corporation

     Netscape continues to be committed to maintaining a high level of
     quality in our software and service offerings.
     Part of this
     commitment includes prompt response to security issues discovered
     by organizations such as the CERT Coordination Center.
     According to a recent CERT/CC advisory, The Oulu University Secure
     Programming Group (OUSPG) has reported numerous vulnerabilities in
     multiple vendor SNMPv1 implementations.
     We have carefully examined the reported findings, performing the
     tests suggested by the OUSPG to determine whether Netscape server
     products were subject to these vulnerabilities. It was determined
     that several products fell into this category. As a result, we have
     created fixes which will resolve the issues, and these fixes will
     appear in future releases of our product line. To Netscape's
     knowledge, there are no known instances of these vulnerabilities
     being exploited and no customers have been affected to date.
     When such security warnings are issued, Netscape has committed to -
     and will continue to commit to - resolving these issues in a prompt
     and timely fashion, ensuring that our customers receive products of
     the highest quality and security.

NET-SNMP

     All ucd-snmp version prior to 4.2.2 are susceptible to this
     vulnerability and users of versions prior to version 4.2.2 are
     encouraged to upgrade their software as soon as possible
     (http://www.net-snmp.org/download/). Version 4.2.2 and higher are
     not susceptible.

Network Associates

     PGP is not affected, impacted, or otherwise related to this VU#.

Network Computing Technologies

     Network Computing Technologies has reviewed the information
     regarding SNMP vulnerabilities and is currently investigating the
     impact to our products.

Nokia

     This vulnerability is known to affect IPSO versions 3.1.3, 3.3,
     3.3.1, 3.4, and 3.4.1.
Patches  are  currently  available  for\n     versions  3.3,  3.3.1,  3.4  and  3.4.1 for download from the Nokia\n     website.   In  addition,  version  3.4.2  shipped  with  the  patch\n     incorporated,  and the necessary fix will be included in all future\n     releases of IPSO. \n     We  recommend customers install the patch immediately or follow the\n     recommended precautions below to avoid any potential exploit. \n     If you are not using SNMP services, including Traps, simply disable\n     the   SNMP   daemon   to   completely   eliminate   the   potential\n     vulnerability. \n     If   you  are  using  only  SNMP  Traps  and  running  Check  Point\n     FireWall-1,  create  a  firewall  policy  to disallow incoming SNMP\n     messages on all appropriate interfaces. Traps will continue to work\n     normally. \n\nNortel Networks\n\n     The  CERT Coordination Center has issued a broad based alert to the\n     technology industry, including Nortel Networks, regarding potential\n     security   vulnerabilities   identified   in   the  Simple  Network\n     Management  Protocol  (SNMP),  a  common  networking  standard. The\n     company   is   working   with  CERT  and  other  network  equipment\n     manufacturers, the U.S. Government, service providers, and software\n     suppliers to assess and address this issue. \n\nNovell\n\n     Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n     and  6.0  systems. The SNMP and SNMPLOG vulnerabilities detected on\n     NetWare  are  fixed and will be available through NetWare 6 Support\n     Pack 1 \u0026 NetWare 5.1 Support Pack 4. Support packs are available at\n     http://support.novell.com/tools/csp/\n\nOpenBSD\n\n     OpenBSD does not ship SNMP code. \n\nQualcomm\n\n     WorldMail  does  not  support SNMP by default, so customers who run\n     unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n     Redback  Networks,  Inc.  
has  identified that the vulnerability in\n     question  affects  certain versions of AOS software on the SMS 500,\n     SMS  1800,  and  SMS 10000 platforms, and is taking the appropriate\n     steps necessary to correct the issue. \n\nRed Hat\n\n     RedHat has released a security advisiory [sic] at\n     http://www.redhat.com/support/errata/RHSA-2001-163.html\n     with  updated  versions  of  the ucd-snmp package for all supported\n     releases and architectures. For more information or to download the\n     update please visit this page. \n\nSGI\n\n     SGI  acknowledges  the SNMP vulnerabilities reported by CERT and is\n     currently  investigating.  No  further  information is available at\n     this time. \n     For  the  protection  of  all our customers, SGI does not disclose,\n     discuss  or  confirm vulnerabilities until a full investigation has\n     occurred  and  any  necessary  patch(es)  or  release  streams  are\n     available  for all vulnerable and supported IRIX operating systems. \n     Until SGI has more definitive information to provide, customers are\n     encouraged  to  assume  all security vulnerabilities as exploitable\n     and  take  appropriate  steps  according  to  local  site  security\n     policies   and   requirements.   As   further  information  becomes\n     available,  additional advisories will be issued via the normal SGI\n     security  information  distribution  methods  including the wiretap\n     mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n     SNMP  Research  has  made  the following vendor statement. They are\n     likely  to  revise  and  expand  the  statement as the date for the\n     public vulnerability announcement draws nearer.   Users  maintaining\n     earlier  releases should update to the current release if they have\n     not  already  done  so.  Up-to-date  information  is available from\n     support@snmp.com. 
Other Stonesoft\u0027s products are\n     still   under   investigation.   As   further  information  becomes\n     available, additional advisories will be available at\n     http://www.stonesoft.com/support/techcenter/\n\nSun Microsystems, Inc. \n\n     Sun\u0027s  SNMP  product,  Solstice  Enterprise Agents (SEA), described\n     here:\n     http://www.sun.com/solstice/products/ent.agents/\n     is  affected  by VU#854306 but not VU#107186. More specifically the\n     main  agent  of  SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n     Sun  is  currently  generating  patches  for this issue and will be\n     releasing  a  Sun Security Bulletin once the patches are available. \n     The bulletin will be available from:\n     http://sunsolve.sun.com/security.  Sun  patches are available from:\n     http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n     Symantec Corporation has investigated the SNMP issues identified by\n     the  OUSPG test suite and determined that Symantec products are not\n     susceptable [sic] to these issues. \n\nTANDBERG\n\n     Tandberg  have  run  all  the  testcases found the PROTOS test-suie\n     [sic], c06snmpv1:\n     1. c06-snmpv1-trap-enc-pr1.jar\n     2. c06-snmpv1-treq-app-pr1.jar\n     3. c06-snmpv1-trap-enc-pr1.jar\n     4. c06-snmpv1-req-app-pr1.jar\n     The  tests  were  run with standard delay time between the requests\n     (100ms),  but  also  with  a delay of 1ms. The tests applies to all\n     TANDBERG  products (T500, T880, T1000, T2500, T6000 and T8000). The\n     software  tested  on these products were B4.0 (our latest software)\n     and no problems were found when running the test suite. \n\nAppendix B. - References\n         1. http://www.ee.oulu.fi/research/ouspg/protos/\n         2. http://www.kb.cert.org/vuls/id/854306\n         3. http://www.kb.cert.org/vuls/id/107186\n         4. http://www.cert.org/tech_tips/denial_of_service.html\n         5. 
http://www.ietf.org/rfc/rfc1067.txt\n         6. http://www.ietf.org/rfc/rfc1089.txt\n         7. http://www.ietf.org/rfc/rfc1140.txt\n         8. http://www.ietf.org/rfc/rfc1155.txt\n         9. http://www.ietf.org/rfc/rfc1156.txt\n        10. http://www.ietf.org/rfc/rfc1215.txt\n        11. http://www.ietf.org/rfc/rfc1270.txt\n        12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n     Background Information on the OUSPG\n\n       OUSPG  is an academic research group located at Oulu University in\n       Finland.  The  purpose  of this research group is to test software\n       for vulnerabilities. \n       History  has  shown  that  the  techniques  used by the OUSPG have\n       discovered a large number of previously undetected problems in the\n       products  and  protocols  they  have  tested.  In  2001, the OUSPG\n       produced a comprehensive test suite for evaluating implementations\n       of  the  Lightweight  Directory  Access Protocol (LDAP). This test\n       suite  was  developed with the strategy of abusing the protocol in\n       unsupported  and  unexpected  ways,  and  it was very effective in\n       uncovering  a  wide  variety  of  vulnerabilities  across  several\n       products.  This approach can reveal vulnerabilities that would not\n       manifest themselves under normal conditions. \n       After  completing  its  work  on  LDAP,  OUSPG  moved its focus to\n       SNMPv1.  As  with  LDAP,  they designed a custom test suite, began\n       testing   a   selection   of  products,  and  found  a  number  of\n       vulnerabilities.  Because  OUSPG\u0027s  work  on  LDAP  was similar in\n       procedure  to its current work on SNMP, you may wish to review the\n       LDAP  Test  Suite  and  CERT  Advisory  CA-2001-18, which outlined\n       results of application of the test suite. 
\n       In order to test the security of protocols like SNMPv1, the PROTOS\n       project  presents  a  server with a wide variety of sample packets\n       containing  unexpected  values  or  illegally formatted data. As a\n       member of the PROTOS project consortium, the OUSPG used the PROTOS\n       c06-snmpv1  test  suite  to  study  several implementations of the\n       SNMPv1  protocol. \n\n     Background Information on the Simple Network Management Protocol\n     \n       The  Simple Network Management Protocol (SNMP) is the most popular\n       protocol  in use to manage networked devices. SNMP was designed in\n       the late 80\u0027s to facilitate the exchange of management information\n       between  networked  devices, operating at the application layer of\n       the  ISO/OSI  model.  The SNMP protocol enables network and system\n       administrators  to  remotely  monitor and configure devices on the\n       network  (devices  such  as  switches  and  routers). Software and\n       firmware products designed for networks often make use of the SNMP\n       protocol.  SNMP  runs  on  a  multitude  of  devices and operating\n       systems, including, but not limited to,\n          + Core  Network  Devices (Routers, Switches, Hubs, Bridges, and\n            Wireless Network Access Points)\n          + Operating Systems\n          + Consumer  Broadband  Network  Devices  (Cable  Modems and DSL\n            Modems)\n          + Consumer Electronic Devices (Cameras and Image Scanners)\n          + Networked   Office  Equipment  (Printers,  Copiers,  and  FAX\n            Machines)\n          + Network and Systems Management/Diagnostic Frameworks (Network\n            Sniffers and Network Analyzers)\n          + Uninterruptible Power Supplies (UPS)\n          + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n          + Manufacturing and Processing Equipment\n       The  SNMP  protocol  is  formally defined in RFC1157. 
Quoting from\n       that RFC:\n\n                Implicit  in the SNMP architectural model is a collection\n                of  network  management  stations  and  network elements. \n                Network    management    stations    execute   management\n                applications  which monitor and control network elements. \n                Network  elements  are  devices  such as hosts, gateways,\n                terminal  servers,  and  the  like, which have management\n                agents  responsible for performing the network management\n                functions  requested  by the network management stations. \n                The  Simple Network Management Protocol (SNMP) is used to\n                communicate  management  information  between the network\n                management   stations  and  the  agents  in  the  network\n                elements. \n\n       Additionally,   SNMP  is  discussed  in  a  number  of  other  RFC\n       documents:\n          + RFC 3000 Internet Official Protocol Standards\n          + RFC 1212 Concise MIB Definitions\n          + RFC  1213  Management Information Base for Network Management\n            of TCP/IP-based Internets: MIB-II\n          + RFC  1215  A  Convention  for Defining Traps for use with the\n            SNMP\n          + RFC 1270 SNMP Communications Services\n          + RFC  2570  Introduction to Version 3 of the Internet-standard\n            Network Management Framework\n          + RFC  2571  An  Architecture  for  Describing  SNMP Management\n            Frameworks\n          + RFC  2572  Message  Processing and Dispatching for the Simple\n            Network Management Protocol (SNMP)\n          + RFC 2573 SNMP Applications\n          + RFC 2574 User-based Security Model (USM) for version 3 of the\n            Simple Network Management Protocol (SNMPv3)\n          + RFC  2575  View-based  Access  Control  Model  (VACM) for the\n            Simple Network Management Protocol (SNMP)\n  
        + RFC  2576  Coexistence  between  Version  1,  Version  2, and\n            Version   3   of  the  Internet-standard  Network  Management\n            Framework\n         _____________________________________________________________\n\n       The  CERT  Coordination  Center  thanks the Oulu University Secure\n       Programming  Group  for reporting these vulnerabilities to us, for\n       providing  detailed  technical  analyses,  and for assisting us in\n       preparing  this  advisory.  We also thank Steven M. Bellovin (AT\u0026T\n       Labs  --  Research),  Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n       Research),  Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n       Rob   Thomas,  Blue  Boar  (Thievco),  and  the  many  others  who\n       contributed to this document. \n         _____________________________________________________________\n\n       Feedback  on  this document can be directed to the authors, Ian A. \n       Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n       Householder, Marty Lindner, and Art Manion. \n       __________________________________________________________________\n\n       This document is available from:\n       http://www.cert.org/advisories/CA-2002-03.html\n       __________________________________________________________________\n\n       CERT/CC Contact Information\n\n        Email: cert@cert.org\n                Phone: +1 412-268-7090 (24-hour hotline)\n                Fax: +1 412-268-6989\n                Postal address:\n                CERT Coordination Center\n                Software Engineering Institute\n                Carnegie Mellon University\n                Pittsburgh PA 15213-3890\n                U.S.A. \n\n       CERT/CC  personnel  answer  the  hotline  08:00-17:00 EST(GMT-5) /\n       EDT(GMT-4) Monday through Friday; they are on call for emergencies\n       during other hours, on U.S. holidays, and on weekends. 
\n       \n       Using encryption\n       We  strongly  urge  you  to  encrypt sensitive information sent by\n       email. Our public PGP key is available from\n        http://www.cert.org/CERT_PGP.key\n       If  you  prefer  to use DES, please call the CERT hotline for more\n       information. \n       \n       Getting  security information\n       CERT publications and other security information are available\n       from our web site\n        http://www.cert.org/\n       To   subscribe  to  the  CERT  mailing  list  for  advisories  and\n       bulletins, send email to majordomo@cert.org. Please include in the\n       body of your message\n       \n         subscribe cert-advisory\n       \n       * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n       Patent and Trademark Office. \n       __________________________________________________________________\n\n       NO WARRANTY\n       Any  material  furnished  by  Carnegie  Mellon  University and the\n       Software  Engineering  Institute is furnished on an \"as is\" basis. \n       Carnegie Mellon University makes no warranties of any kind, either\n       expressed  or  implied as to any matter including, but not limited\n       to,   warranty   of   fitness   for   a   particular   purpose  or\n       merchantability,  exclusivity  or results obtained from use of the\n       material. Carnegie Mellon University does not make any warranty of\n       any  kind  with  respect  to  freedom  from  patent, trademark, or\n       copyright infringement. \n         _____________________________________________________________\n\n       Conditions for use, disclaimers, and sponsorship information\n       Copyright 2002 Carnegie Mellon University. 
\n\nRevision History\n\n       February 12, 2002: Initial release\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "4089",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "4132",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "4732",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570",
            "trust": 1.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#107186",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "4088",
            "trust": 0.8
          },
          {
            "db": "VULN-DEV",
            "id": "20020509 SAR -O EXPLOITATION PROCESS INFO.",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "8989",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "19990909 19 SCO 5.0.5+SKUNWARE98 BUFFER OVERFLOWS",
            "trust": 0.6
          },
          {
            "db": "CALDERA",
            "id": "CSSA-2002-SCO.17",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "25758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "id": "VAR-200205-0149",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.42828385666666663
      },
      "last_update_date": "2025-04-03T22:25:20.962000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/4089"
          },
          {
            "trust": 1.7,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/"
          },
          {
            "trust": 1.7,
            "url": "http://www.cert.org/tech_tips/denial_of_service.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1215.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.ietf.org/rfc/rfc1270.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc3000.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1212.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc1213.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2570.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2571.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2572.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2573.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2574.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2575.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.ietf.org/rfc/rfc2576.txt"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4132"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/bid/4732"
          },
          {
            "trust": 1.6,
            "url": "http://www.iss.net/security_center/static/8989.php"
          },
          {
            "trust": 1.6,
            "url": "ftp://stage.caldera.com/pub/security/openserver/cssa-2002-sco.17/cssa-2002-sco.17.txt"
          },
          {
            "trust": 1.6,
            "url": "http://online.securityfocus.com/archive/1/27074"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=vuln-dev\u0026m=102098949103708\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/4088"
          },
          {
            "trust": 0.7,
            "url": "http://www.cert.org/advisories/ca-2002-03.html"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=vuln-dev\u0026m=102098949103708\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f43365"
          },
          {
            "trust": 0.3,
            "url": "http://online.securityfocus.com/news/474"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
          },
          {
            "trust": 0.3,
            "url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f46343"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1352.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/tech_tips/snmp_faq.html"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/ric/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/107186"
          },
          {
            "trust": 0.1,
            "url": "https://www.juniper.net."
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/securitypatch."
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/854306"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/go/psirt/."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1067.txt"
          },
          {
            "trust": 0.1,
            "url": "https://www.dartware.com)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1140.txt"
          },
          {
            "trust": 0.1,
            "url": "http://itrc.hp.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.sun.com/solstice/products/ent.agents/"
          },
          {
            "trust": 0.1,
            "url": "http://stage.caldera.com/support/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.net-snmp.org/download/)."
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cert.org/cert_pgp.key"
          },
          {
            "trust": 0.1,
            "url": "http://www.ibm.com/software/lotus/support/)."
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1156.txt"
          },
          {
            "trust": 0.1,
            "url": "http://support.novell.com/tools/csp/"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/cpe/patches/"
          },
          {
            "trust": 0.1,
            "url": "https://www.covalent.net"
          },
          {
            "trust": 0.1,
            "url": "http://www.innerdive.com/products/mibscout/)"
          },
          {
            "trust": 0.1,
            "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h"
          },
          {
            "trust": 0.1,
            "url": "http://sunsolve.sun.com/security."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1155.txt"
          },
          {
            "trust": 0.1,
            "url": "http://www.stonesoft.com/support/techcenter/"
          },
          {
            "trust": 0.1,
            "url": "http://www.sgi.com/support/security/."
          },
          {
            "trust": 0.1,
            "url": "http://www.ietf.org/rfc/rfc1089.txt"
          },
          {
            "trust": 0.1,
            "url": "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          },
          {
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-01-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4089"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2002-02-12T22:54:19",
            "db": "PACKETSTORM",
            "id": "25758"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "date": "2002-05-01T04:00:00",
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#107186"
          },
          {
            "date": "2007-11-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#854306"
          },
          {
            "date": "2002-05-13T00:00:00",
            "db": "BID",
            "id": "4732"
          },
          {
            "date": "2009-07-11T10:56:00",
            "db": "BID",
            "id": "4089"
          },
          {
            "date": "2002-02-12T00:00:00",
            "db": "BID",
            "id": "4132"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-1999-1570"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "4732"
          },
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "BID",
            "id": "4132"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in SNMPv1 trap handling",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#107186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "4089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200205-001"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200511-0133

    Vulnerability from variot - Updated: 2025-04-03 21:50

    The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Web servers that support the TRACE method according to RFC 2616 contain a vulnerability in which cookie information set in the browser can be obtained. Authentication information derived from cookies set in the browser (Basic Authentication: includes base64-encoded user information) may be obtained. Sun Solaris Management Console is prone to an information-disclosure vulnerability. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.

    TITLE: Sun Solaris HTTP TRACE Response Cross-Site Scripting Issue

    SECUNIA ADVISORY ID: SA17334

    VERIFY ADVISORY: http://secunia.com/advisories/17334/

    CRITICAL: Not critical

    IMPACT: Cross Site Scripting

    WHERE: From local network

    OPERATING SYSTEM: Sun Solaris 10 http://secunia.com/product/4813/ Sun Solaris 8 http://secunia.com/product/94/ Sun Solaris 9 http://secunia.com/product/95/

    DESCRIPTION: Sun has acknowledged a security issue in Solaris, which potentially can be exploited by malicious people to conduct cross-site scripting attacks. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when combined with certain browser vulnerabilities. It is reportedly not possible to disable the TRACE method.

    The security issue has been reported in Solaris 8, 9 and 10 on both SPARC and x86 platforms.

    SOLUTION: Apply patches when available.

    The vendor recommends that the SMC may be disabled as a workaround.

    -- SPARC Platform --

    Solaris 9: Apply patch 116807-02 or later.

    -- x86 Platform --

    Solaris 9: Apply patch 116808-02 or later.

    PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

    ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1



    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0133",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sun",
            "version": "9.0"
          },
          {
            "model": "sunos",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sun",
            "version": "5.8"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": "http server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "apache",
            "version": "1.3.27"
          },
          {
            "model": "http server",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.0.44"
          },
          {
            "model": "java system web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "7.0"
          },
          {
            "model": "one/iplanet web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "4.1"
          },
          {
            "model": "one/iplanet web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "6.0"
          },
          {
            "model": "one/iplanet web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "6.1"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "8 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "4.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "5.1"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "8.0"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "9"
          },
          {
            "model": "solaris 8 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris 8 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris 10.0 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sun:java_system_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sun:one_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:iis",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This issue was reported by Sun.",
        "sources": [
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2005-3398",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2005-3398",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2005-3398",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#867593",
                "trust": 0.8,
                "value": "3.71"
              },
              {
                "author": "NVD",
                "id": "CVE-2005-3398",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200511-012",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. RFC 2616 According to TRACE Supports methods Web The server is set in the browser Cookie A vulnerability exists in which information is obtained.Set in browser Cookie Authentication information derived from (Basic Authentication: base64 Contains encoded user information ) May get you. Sun Solaris Management Console is prone to an information-disclosure vulnerability. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials. \n\nTITLE:\nSun Solaris HTTP TRACE Response Cross-Site Scripting Issue\n\nSECUNIA ADVISORY ID:\nSA17334\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17334/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nSun Solaris 10\nhttp://secunia.com/product/4813/\nSun Solaris 8\nhttp://secunia.com/product/94/\nSun Solaris 9\nhttp://secunia.com/product/95/\n\nDESCRIPTION:\nSun has acknowledged a security issue in Solaris, which potentially\ncan be exploited by malicious people to conduct cross-site scripting\nattacks. This\ncan be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site when combined\nwith certain browser vulnerabilities. It is reportedly not possible\nto disable the TRACE method. \n\nThe security issue has been reported in Solaris 8, 9 and 10 on both\nSPARC and x86 platforms. \n\nSOLUTION:\nApply patches when available. \n\nThe vendor recommends that the SMC may be disabled as a workaround. 
\n\n-- SPARC Platform --\n\nSolaris 9:\nApply patch 116807-02 or later. \n\n-- x86 Platform --\n\nSolaris 9:\nApply patch 116808-02 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          },
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "PACKETSTORM",
            "id": "41017"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2005-3398",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "15222",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "17334",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "13090",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#867593",
            "trust": 1.6
          },
          {
            "db": "SECTRACK",
            "id": "1015112",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2005-2226",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#288308",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "9561",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018",
            "trust": 0.8
          },
          {
            "db": "US GOVERNMENT",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:1445",
            "trust": 0.6
          },
          {
            "db": "SUNALERT",
            "id": "102016",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "41017",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "PACKETSTORM",
            "id": "41017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "id": "VAR-200511-0133",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T21:50:33.412000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "In the news 03-01-24",
            "trust": 0.8,
            "url": "http://www.apacheweek.com/issues/03-01-24#news"
          },
          {
            "title": "200171",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1"
          },
          {
            "title": "50603",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50603-1"
          },
          {
            "title": "102016",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1"
          },
          {
            "title": "50603",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50603-3"
          },
          {
            "title": "102016",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-3"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.microsoft.com/ja/jp/default.aspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/15222"
          },
          {
            "trust": 2.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1"
          },
          {
            "trust": 1.6,
            "url": "http://securitytracker.com/id?1015112"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/17334"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1445"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2005/2226"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc2616.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.cgisecurity.com/whitehat-mirror/wh-whitepaper_xst_ebook.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/tools/urlscan.asp"
          },
          {
            "trust": 0.8,
            "url": "http://httpd.apache.org/docs/mod/mod_rewrite.html"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.w3.org/dom/"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/dhtml_node_entry.asp"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/properties/cookie.asp"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/htm/xml_obj_ixmlhttprequest_8bp0.asp"
          },
          {
            "trust": 0.8,
            "url": "http://www.apacheweek.com/issues/03-01-24#news"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/13090/"
          },
          {
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57670-1"
          },
          {
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1"
          },
          {
            "trust": 0.8,
            "url": "http://www-1.ibm.com/support/docview.wss?\u0026uid=swg21201202"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3398"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-3398"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/13090"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/9561"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/288308"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/867593"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2005/2226"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1445"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/4813/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/95/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/17334/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/94/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "PACKETSTORM",
            "id": "41017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "db": "PACKETSTORM",
            "id": "41017"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-01-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "date": "2005-10-26T00:00:00",
            "db": "BID",
            "id": "15222"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "date": "2005-10-28T19:44:24",
            "db": "PACKETSTORM",
            "id": "41017"
          },
          {
            "date": "2005-11-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "date": "2005-11-01T12:47:00",
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-08-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#867593"
          },
          {
            "date": "2007-06-13T20:09:00",
            "db": "BID",
            "id": "15222"
          },
          {
            "date": "2009-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2003-000018"
          },
          {
            "date": "2009-01-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2005-3398"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "15222"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200511-012"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0036

    Vulnerability from variot - Updated: 2024-09-10 21:21

    Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." The Autonomy KeyView IDOL library contains multiple vulnerabilities in its file parsing process. Autonomy KeyView IDOL is a library that decodes 1000 file formats and is used in many applications. The library contains multiple vulnerabilities such as memory corruption and arbitrary code execution. Although the impact varies depending on the application, opening a specially crafted file may interrupt service operation (DoS) or allow an attacker to execute arbitrary code with the privileges of the application. Failed attempts may result in a denial-of-service condition. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16.

    TITLE: Autonomy KeyView File Processing Vulnerabilities

    SECUNIA ADVISORY ID: SA51362

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51362

    RELEASE DATE: 2012-11-21

    DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. No further information is currently available.

    The vulnerabilities are reported in versions prior to 10.16.

    SOLUTION: Update to version 10.16.

    PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC

    ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0036",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "domino",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "model": "messaging gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "10.0.1"
          },
          {
            "model": "notes",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "data loss prevention endpoint",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.6.1"
          },
          {
            "model": "mail security",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.5.7"
          },
          {
            "model": "data loss prevention endpoint",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "mail security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.5.7"
          },
          {
            "model": "notes",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "model": "data loss prevention enforce\\/detection servers",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.6.1"
          },
          {
            "model": "messaging gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "9.5"
          },
          {
            "model": "autonomy keyview idol",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "10.16"
          },
          {
            "model": "domino",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.5.3.6"
          },
          {
            "model": "data loss prevention enforce\\/detection servers",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "mail security",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "8.1.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "autonomy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ca",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "emc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hyland",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nuance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "palisade",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "proofpoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trend micro",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trustwave",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "verdasys",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "websense",
            "version": null
          },
          {
            "model": "keyview idol",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "autonomy",
            "version": "library  10.16 earlier"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.1"
          },
          {
            "model": "messaging gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.5"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2"
          },
          {
            "model": "lotus notes fp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.0"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2.1"
          },
          {
            "model": "lotus domino 8.5.3fp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "messaging gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "9.5.1"
          },
          {
            "model": "lotus domino fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.12"
          },
          {
            "model": "keyview idol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10"
          },
          {
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2.0"
          },
          {
            "model": "lotus notes fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.2"
          },
          {
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "zimbra",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "0"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.5"
          },
          {
            "model": "lotus domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.3"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "data loss prevention detection servers for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "keyview idol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "autonomy",
            "version": "10.13.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1.1"
          },
          {
            "model": "data loss prevention endpoint agents",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "model": "lotus domino 8.5fp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "lotus domino fp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "lotus domino 8.5.1fp5",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "lotus domino fp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "data loss prevention detection servers for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "lotus domino fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "model": "mail security for microsoft exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.6"
          },
          {
            "model": "lotus notes fp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "model": "lotus notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "BID",
            "id": "56610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:autonomy:autonomy_keyview_idol",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Will Dormann",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2012-6277",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-6277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 8.7,
                "exploitability": "NOT DEFINED",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2012-005584",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-59558",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2012-6277",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-6277",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6277",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2012-005584",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201211-461",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-59558",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\". The Autonomy KeyView IDOL library contains multiple vulnerabilities in its file parsing process. Autonomy KeyView IDOL is a library that decodes 1000 file formats and is used in many applications. The library contains multiple vulnerabilities such as memory corruption and arbitrary code execution. Although the impact varies depending on the application, opening a specially crafted file may cause a denial of service (DoS) or allow an attacker to execute arbitrary code with the privileges of the application. Failed attempts may result in a denial-of-service condition. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. \n\nTITLE:\nAutonomy KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51362\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51362/\n\nRELEASE DATE:\n2012-11-21\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Autonomy KeyView,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerabilities are caused due to errors when processing\nunspecified file formats and can be exploited to corrupt memory. No\nfurther information is currently available. \n\nThe vulnerabilities are reported in versions prior to 10.16. \n\nSOLUTION:\nUpdate to version 10.16. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann, CERT/CC\n\nORIGINAL ADVISORY:\nUS-CERT VU#849841:\nhttp://www.kb.cert.org/vuls/id/849841\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          },
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "BID",
            "id": "56610"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "PACKETSTORM",
            "id": "118283"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#849841",
            "trust": 3.8
          },
          {
            "db": "BID",
            "id": "56610",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "51362",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1027799",
            "trust": 0.8
          },
          {
            "db": "OSVDB",
            "id": "87619",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "51365",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "118283",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "118291",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "BID",
            "id": "56610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "PACKETSTORM",
            "id": "118283"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "id": "VAR-202002-0036",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-09-10T21:21:49.335000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Autonomy Global Offices",
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/Autonomy/Offices/index.en.html"
          },
          {
            "title": "IDOL\u30b3\u30cd\u30af\u30bf",
            "trust": 0.8,
            "url": "http://www.autonomy.co.jp/content/Technology/idol-functionality-information-connectivity/index.ja.html"
          },
          {
            "title": "KeyView IDOL \u0026 Connectors",
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/Products/idol-modules-connectors/index.en.html"
          },
          {
            "title": "Security Advisories Relating to Symantec Products - Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors",
            "trust": 0.8,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20121120_00"
          },
          {
            "title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u30fc - \u8907\u6570\u306e\u30d9\u30f3\u30c0\u30fc\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b HP Autonomy KeyView Filter \u306e\u554f\u984c\u306b\u95a2\u3059\u308b\u66f4\u65b0 (SYM12-018)",
            "trust": 0.8,
            "url": "https://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
          },
          {
            "title": "Micro Focus Autonomy KeyView IDOL Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110271"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.securityfocus.com/bid/56610"
          },
          {
            "trust": 1.7,
            "url": "https://support.symantec.com/us/en/article.symsa1262.html"
          },
          {
            "trust": 1.7,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=27482"
          },
          {
            "trust": 1.7,
            "url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2012-6277"
          },
          {
            "trust": 1.7,
            "url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
          },
          {
            "trust": 1.7,
            "url": "https://www.kb.cert.org/vuls/id/849841/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/plugins/nessus/67192"
          },
          {
            "trust": 1.3,
            "url": "https://www.kb.cert.org/vuls/id/849841"
          },
          {
            "trust": 1.2,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20121120_00"
          },
          {
            "trust": 1.1,
            "url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
          },
          {
            "trust": 0.8,
            "url": "https://customers.autonomy.com"
          },
          {
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2458544"
          },
          {
            "trust": 0.8,
            "url": "http://www.youtube.com/watch?v=28_lus_g0u4"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id/1027799"
          },
          {
            "trust": 0.8,
            "url": "http://www.osvdb.org/show/osvdb/87619"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/51362 "
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/news/releases/2004/0803a.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.autonomy.com/content/news/releases/2008/0701.en.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu849841"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6277"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627992"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51362/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51362/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51362"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51365/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51365"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51365/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "BID",
            "id": "56610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "PACKETSTORM",
            "id": "118283"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "db": "BID",
            "id": "56610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "db": "PACKETSTORM",
            "id": "118283"
          },
          {
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-11-20T00:00:00",
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "date": "2012-11-20T00:00:00",
            "db": "BID",
            "id": "56610"
          },
          {
            "date": "2012-11-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "date": "2012-11-23T08:19:25",
            "db": "PACKETSTORM",
            "id": "118283"
          },
          {
            "date": "2012-11-23T08:19:51",
            "db": "PACKETSTORM",
            "id": "118291"
          },
          {
            "date": "2012-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "date": "2020-02-21T17:15:10.883000",
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#849841"
          },
          {
            "date": "2020-03-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-59558"
          },
          {
            "date": "2013-03-22T18:56:00",
            "db": "BID",
            "id": "56610"
          },
          {
            "date": "2012-11-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005584"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          },
          {
            "date": "2020-03-04T20:18:25.227000",
            "db": "NVD",
            "id": "CVE-2012-6277"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#849841"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201211-461"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0170

    Vulnerability from variot - Updated: 2024-07-30 19:36

    Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed at risk. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implementing version 4 is called 'ntp'. On UNIX systems, the 'ntpd' daemon is available to regularly synchronize system time with internet time servers. Many versions of 'ntpd' are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. If successful, the attacker may gain root access on the victim host or may deny NTP service on the affected host. Submitting numerous HTTP requests with modified headers could cause Lotus Domino to consume all available system resources. -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php

    This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php


    Contents: * 120 Reported Vulnerabilities * Risk Factor Key


    Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php

    Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php

    Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php

    Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php

    Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php

    Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php

    Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php

    Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php

    Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php

    Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php

    Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php

    Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php

    Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php

    Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php

    Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php

    Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php

    Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php

    Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php

    Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php

    Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php

    Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php

    Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php

    Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php

    Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php

    Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php

    Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php

    Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php

    Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php

    Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php

    Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php

    Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php

    Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php

    Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php

    Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php

    Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php

    Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php

    Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel, InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php

    Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php

    Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php

    Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php

    Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php

    Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php

    Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php

    Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php

    Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php

    Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php

    Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php

    Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php

    Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php

    Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php

    Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php

    Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php

    Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php

    Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php

    Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php

    Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php

    Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php

    Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php

    Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php

    Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php

    Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php

    Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php

    Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php

    Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php

    Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php

    Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php

    Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php

    Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php

    Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php

    Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php

    Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php

    Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php

    Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php

    Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php

    Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php

    Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php

    Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php

    Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php

    Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php

    Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php

    Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php

    Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php

    Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php

    Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php

    Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php

    Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php

    Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php

    Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php

    Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php

    Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php

    Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php

    Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php

    Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php

    Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php

    Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php

    Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php

    Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    About Internet Security Systems (ISS)

    Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv

    iQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD J/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO rbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y OAtrNiOkj7o= =kYl+ -----END PGP SIGNATURE-----

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200106-0170",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "lotus",
            "version": null
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99f"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99d"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99b"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "5.93c"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99e"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "5.93e"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99a"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "4.0.99c"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dave mills",
            "version": "5.93d"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "4.0.99j"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "4.0.99h"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "5.93"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "4.0.99i"
          },
          {
            "model": "ntpd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "4.0.99k"
          },
          {
            "model": "ntpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "4.0.99g"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "5.93b"
          },
          {
            "model": "xntp3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dave mills",
            "version": "5.93a"
          },
          {
            "model": "ios 12.0 w5",
            "scope": null,
            "trust": 0.9,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "berkeley design",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "compaq computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the sco group sco linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the sco group sco unix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "university of delaware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rit",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.01"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.10"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.20"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "10.24"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.00"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.04"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "6.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "7.0"
          },
          {
            "model": "ios 12.0 xk",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.01"
          },
          {
            "model": "ios 12.0xu",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2(3)"
          },
          {
            "model": "ios 11.3na",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2bc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3wa4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.1xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 st1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.10"
          },
          {
            "model": "pgw2200 pstn gateway",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "virtual switch controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "model": "ios 12.1xw",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xu",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ec",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills xntp3 e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "ios 12.1 yb4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "model": "ios 12.1xc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1xx"
          },
          {
            "model": "ios 12.1 xf4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xa1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1cx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2"
          },
          {
            "model": "ios 12.1 aa",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 cx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1yf",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2gs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2dd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3ha",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 xs2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xm",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2pi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.2(4)"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1"
          },
          {
            "model": "solaris 2.6 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "ios 12.2pb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0.4"
          },
          {
            "model": "ios 12.1yd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ip manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "ios 12.0xg",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0wt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yf2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills xntp3 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "mills ntpd h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 11.3t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 wc2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.3"
          },
          {
            "model": "ios 12.2xd",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3ma",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.2yc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 8 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1xv"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "model": "ios 12.2xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.0"
          },
          {
            "model": "ios 12.2xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills xntp3 b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "mills ntpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.0xn",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 bp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.2"
          },
          {
            "model": "ios 12.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.3"
          },
          {
            "model": "ios 12.0wc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ia",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.1 yd2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "2.6"
          },
          {
            "model": "ios 12.1 xm4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills xntp3 d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.0.1"
          },
          {
            "model": "ios 12.0xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 8 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "ios 12.0xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ct",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 s",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.0.2"
          },
          {
            "model": "ios 12.1xq",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2xq",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 pi",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.1dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0 sl2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xd1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0sl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1yb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1t",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2p",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ey",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1yc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2sa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xp",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1ez",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xl",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ip manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "ios 12.2 xh",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "mills xntp3 a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "ios 12.2ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xt",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2f",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 t9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0"
          },
          {
            "model": "ios 12.2 xa",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.1ca",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xq",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.1"
          },
          {
            "model": "ios 12.1ec",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xh",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(5)xv3"
          },
          {
            "model": "ios 11.2wa4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.1xy",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "7.0"
          },
          {
            "model": "solaris 7.0 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "voice services provisioning tool",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.24"
          },
          {
            "model": "ios 12.1xk",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.2xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xj",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xi",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2 xq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills xntp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "5.93"
          },
          {
            "model": "ios 11.1cc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1ya",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "billing and management server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2bx",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0xv"
          },
          {
            "model": "ios 12.0sc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xg",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 yc1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1ex",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2xb",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1ey",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0db",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.1(9)"
          },
          {
            "model": "ios 12.0 yb4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.2xe",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "bts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10200"
          },
          {
            "model": "ios 12.0xj",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0dc",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "sc2200",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.0xr",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1 ez2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.20"
          },
          {
            "model": "ios 12.0wc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.1xz",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 12.2bw",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 12.0st",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mills ntpd d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dave",
            "version": "4.0.99"
          },
          {
            "model": "ios 11.1aa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3da",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ios 11.3xa",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.6"
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.5"
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.4"
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.3"
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.2"
          },
          {
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.1"
          },
          {
            "model": "domino",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lotus",
            "version": "5.0.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "BID",
            "id": "2565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.99k",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Przemyslaw Frasunek\u203b venglin@freebsd.lublin.pl",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2001-0414",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2001-0414",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0414",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#970472",
                "trust": 0.8,
                "value": "79.65"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#676552",
                "trust": 0.8,
                "value": "10.50"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#601312",
                "trust": 0.8,
                "value": "9.98"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#310816",
                "trust": 0.8,
                "value": "1.62"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-110",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed at risk. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur.  This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference.  It uses UDP as a transport protocol.  There are two protocol versions in use: NTP v3 and NTP v4.  The \u0027ntpd\u0027 daemon implementing version 3 is called \u0027xntp3\u0027; the version implementing version 4 is called \u0027ntp\u0027. \nOn UNIX systems, the \u0027ntpd\u0027 daemon is available to regularly synchronize system time with internet time servers. \nMany versions of \u0027ntpd\u0027 are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. \nIf successful, the attacker may gain root access on the victim host or may deny NTP service on the affected host. \nSubmitting numerous HTTP requests with modified headers could cause Lotus Domino to consume all available system resources. 
-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported:          04/02/2001\nBrief Description:      The Bat! masked file type in email attachment\n                        could allow execution of code\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     The Bat! 1.49 and earlier\nVulnerability:          thebat-masked-file-type\nX-Force URL:            http://xforce.iss.net/static/6324.php\n\nDate Reported:          04/02/2001\nBrief Description:      PHP-Nuke could allow attackers to redirect ad\n                        banner URL links\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     PHP-Nuke 4.4 and earlier\nVulnerability:          php-nuke-url-redirect\nX-Force URL:            http://xforce.iss.net/static/6342.php\n\nDate Reported:          04/03/2001\nBrief Description:      Orinoco RG-1000 Residential Gateway default SSID\n                        reveals WEP encryption key\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Orinoco Residential Gateway RG-1000\nVulnerability:          orinoco-rg1000-wep-key\nX-Force URL:            http://xforce.iss.net/static/6328.php\n\nDate Reported:          04/03/2001\nBrief Description:      Navision Financials server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Navision Financials 2.5 and 2.6\nVulnerability:        
  navision-server-dos\nX-Force URL:            http://xforce.iss.net/static/6318.php\n\nDate Reported:          04/03/2001\nBrief Description:      uStorekeeper online shopping system allows\n                        remote file retrieval\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     uStorekeeper 1.61\nVulnerability:          ustorekeeper-retrieve-files\nX-Force URL:            http://xforce.iss.net/static/6319.php\n\nDate Reported:          04/03/2001\nBrief Description:      Resin server allows remote attackers to view\n                        Javabean files\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Resin 1.2.x, Resin 1.3b1\nVulnerability:          resin-view-javabean\nX-Force URL:            http://xforce.iss.net/static/6320.php\n\nDate Reported:          04/03/2001\nBrief Description:      BPFTP could allow attackers to obtain login\n                        credentials\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BPFTP 2.0\nVulnerability:          bpftp-obtain-credentials\nX-Force URL:            http://xforce.iss.net/static/6330.php\n\nDate Reported:          04/04/2001\nBrief Description:      Ntpd server readvar control message buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n                        Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n                        Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n                        earlier, FreeBSD 4.2-Stable, Mandrake Linux\n                        Corporate Server 1.0.1, Mandrake Linux 7.2,\n                        Trustix Secure Linux, Immunix Linux 7.0, \n                        NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n                        eServer 2.3.1\nVulnerability:          
ntpd-remote-bo\nX-Force URL:            http://xforce.iss.net/static/6321.php\n\nDate Reported:          04/04/2001\nBrief Description:      Cisco CSS debug mode allows users to gain\n                        administrative access\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco Content Services Switch 11050, Cisco \n                        Content Services Switch 11150, Cisco Content\n                        Services Switch 11800\nVulnerability:          cisco-css-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6322.php\n\nDate Reported:          04/04/2001\nBrief Description:      BEA Tuxedo may allow access to remote services\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BEA Tuxedo 7.1\nVulnerability:          bea-tuxedo-remote-access\nX-Force URL:            http://xforce.iss.net/static/6326.php\n\nDate Reported:          04/05/2001\nBrief Description:      Ultimate Bulletin Board could allow attackers to\n                        bypass authentication\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Ultimate Bulletin Board 5.43, Ultimate Bulletin\n                        Board 5.4.7e\nVulnerability:          ultimatebb-bypass-authentication\nX-Force URL:            http://xforce.iss.net/static/6339.php\n\nDate Reported:          04/05/2001\nBrief Description:      BinTec X4000 NMAP denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n                        BinTec X1200\nVulnerability:          bintec-x4000-nmap-dos\nX-Force URL:            http://xforce.iss.net/static/6323.php\n\nDate Reported:          04/05/2001\nBrief Description:      WatchGuard Firebox II kernel denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:    
 WatchGuard Firebox II prior to 4.6\nVulnerability:          firebox-kernel-dos\nX-Force URL:            http://xforce.iss.net/static/6327.php\n\nDate Reported:          04/06/2001\nBrief Description:      Cisco PIX denial of service due to multiple \n                        TACACS+ requests\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco PIX Firewall 5.1.4\nVulnerability:          cisco-pix-tacacs-dos\nX-Force URL:            http://xforce.iss.net/static/6353.php\n\nDate Reported:          04/06/2001\nBrief Description:      Darren Reed\u0027s IP Filter allows attackers to\n                        access UDP and TCP ports\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IP Filter 3.4.16\nVulnerability:          ipfilter-access-ports\nX-Force URL:            http://xforce.iss.net/static/6331.php\n\nDate Reported:          04/06/2001\nBrief Description:      Veritas NetBackup nc (netcat) command denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     NetBackup 3.2\nVulnerability:          veritas-netbackup-nc-dos\nX-Force URL:            http://xforce.iss.net/static/6329.php\n\nDate Reported:          04/08/2001\nBrief Description:      PGP may allow malicious users to access\n                        authenticated split keys\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     PGP 7.0\nVulnerability:          nai-pgp-split-keys\nX-Force URL:            http://xforce.iss.net/static/6341.php\n\nDate Reported:          04/09/2001\nBrief Description:      Solaris kcms_configure command line buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcms-command-bo\nX-Force URL:            
http://xforce.iss.net/static/6359.php\n\nDate Reported:          04/09/2001\nBrief Description:      TalkBack CGI script could allow remote attackers\n                        to read files on the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     TalkBack prior to 1.2\nVulnerability:          talkback-cgi-read-files\nX-Force URL:            http://xforce.iss.net/static/6340.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) implementation\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n                        HP-UX 11.00, NetBSD\nVulnerability:          ftp-glob-implementation\nX-Force URL:            http://xforce.iss.net/static/6333.php\n\nDate Reported:          04/09/2001\nBrief Description:      Pine mail client temp file symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n                        Linux 6.2, Red Hat Linux 7.0\nVulnerability:          pine-tmp-file-symlink\nX-Force URL:            http://xforce.iss.net/static/6367.php\n\nDate Reported:          04/09/2001\nBrief Description:      Multiple FTP glob(3) expansion\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n                        OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability:          ftp-glob-expansion\nX-Force URL:            http://xforce.iss.net/static/6332.php\n\nDate Reported:          04/09/2001\nBrief Description:      Netscape embedded JavaScript in GIF file \n                        comments can be used to access remote data\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape Communicator 4.76, Red Hat Linux 6.2,\n                      
  Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n                        7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n                        Red Hat Linux 7.1\nVulnerability:          netscape-javascript-access-data\nX-Force URL:            http://xforce.iss.net/static/6344.php\n\nDate Reported:          04/09/2001\nBrief Description:      STRIP generates weak passwords\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     STRIP 0.5 and earlier\nVulnerability:          strip-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6362.php\n\nDate Reported:          04/10/2001\nBrief Description:      Solaris Xsun HOME environment variable buffer\n                        overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-xsun-home-bo\nX-Force URL:            http://xforce.iss.net/static/6343.php\n\nDate Reported:          04/10/2001\nBrief Description:      Compaq Presario Active X denial of service\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Compaq Presario, Windows 98, Windows ME\nVulnerability:          compaq-activex-dos\nX-Force URL:            http://xforce.iss.net/static/6355.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-expert-account\nX-Force URL:            http://xforce.iss.net/static/6354.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on LAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     
Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-lan-access\nX-Force URL:            http://xforce.iss.net/static/6336.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems allow attacker on WAN to\n                        gain access using TFTP\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-tftp-wan-access\nX-Force URL:            http://xforce.iss.net/static/6337.php\n\nDate Reported:          04/10/2001\nBrief Description:      Oracle Application Server shared library\n                        (ndwfn4.so) buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     iPlanet Web Server 4.x, Oracle Application\n                        Server 4.0.8.2\nVulnerability:          oracle-appserver-ndwfn4-bo\nX-Force URL:            http://xforce.iss.net/static/6334.php\n\nDate Reported:          04/10/2001\nBrief Description:      Alcatel ADSL modems use blank password by\n                        default\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Alcatel ADSL Network Termination Device 1000,\n                        Alcatel Speed Touch ADSL modem Home\nVulnerability:          alcatel-blank-password\nX-Force URL:            http://xforce.iss.net/static/6335.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris dtsession buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-dtsession-bo\nX-Force URL:            http://xforce.iss.net/static/6366.php\n\nDate Reported:          04/11/2001\nBrief Description:      Solaris kcsSUNWIOsolf.so buffer 
overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 7, Solaris 8\nVulnerability:          solaris-kcssunwiosolf-bo\nX-Force URL:            http://xforce.iss.net/static/6365.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lightwave ConsoleServer brute force password\n                        attack\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Lightwave ConsoleServer 3200\nVulnerability:          lightwave-consoleserver-brute-force\nX-Force URL:            http://xforce.iss.net/static/6345.php\n\nDate Reported:          04/11/2001\nBrief Description:      nph-maillist allows user to execute code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Email List Generator 3.5 and earlier\nVulnerability:          nph-maillist-execute-code\nX-Force URL:            http://xforce.iss.net/static/6363.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost Configuration Server denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5\nVulnerability:          ghost-configuration-server-dos\nX-Force URL:            http://xforce.iss.net/static/6357.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server DOS device denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-device-dos\nX-Force URL:            http://xforce.iss.net/static/6348.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server HTTP header denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:    
      lotus-domino-header-dos\nX-Force URL:            http://xforce.iss.net/static/6347.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server URL parsing denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-url-dos\nX-Force URL:            http://xforce.iss.net/static/6351.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server CORBA denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-corba-dos\nX-Force URL:            http://xforce.iss.net/static/6350.php\n\nDate Reported:          04/11/2001\nBrief Description:      Symantec Ghost database engine denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Ghost 6.5, Sybase Adaptive Server Database\n                        Engine 6.0.3.2747\nVulnerability:          ghost-database-engine-dos\nX-Force URL:            http://xforce.iss.net/static/6356.php\n\nDate Reported:          04/11/2001\nBrief Description:      cfingerd daemon remote format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Debian Linux 2.1, Debian Linux 2.2, cfingerd\n                        1.4.3 and earlier\nVulnerability:          cfingerd-remote-format-string\nX-Force URL:            http://xforce.iss.net/static/6364.php\n\nDate Reported:          04/11/2001\nBrief Description:      Lotus Domino Web Server Unicode denial of\n                        service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Lotus Domino R5 prior to 5.0.7\nVulnerability:          lotus-domino-unicode-dos\nX-Force URL:            
http://xforce.iss.net/static/6349.php\n\nDate Reported:          04/11/2001\nBrief Description:      Linux mkpasswd generates weak passwords\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability:          mkpasswd-weak-passwords\nX-Force URL:            http://xforce.iss.net/static/6382.php\n\nDate Reported:          04/12/2001\nBrief Description:      Solaris ipcs utility buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Solaris 7\nVulnerability:          solaris-ipcs-bo\nX-Force URL:            http://xforce.iss.net/static/6369.php\n\nDate Reported:          04/12/2001\nBrief Description:      InterScan VirusWall ISADMIN service buffer \n                        overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel , InterScan VirusWall 3.0.1\nVulnerability:          interscan-viruswall-isadmin-bo\nX-Force URL:            http://xforce.iss.net/static/6368.php\n\nDate Reported:          04/12/2001\nBrief Description:      HylaFAX hfaxd format string\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n                        Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n                        Mandrake Linux 7.2, Mandrake Linux Corporate\n                        Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability:          hylafax-hfaxd-format-string\nX-Force URL:            http://xforce.iss.net/static/6377.php\n\nDate Reported:          04/12/2001\nBrief Description:      Cisco VPN 3000 Concentrators invalid IP Option\n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability:          
cisco-vpn-ip-dos\nX-Force URL:            http://xforce.iss.net/static/6360.php\n\nDate Reported:          04/13/2001\nBrief Description:      Net.Commerce package in IBM WebSphere reveals\n                        installation path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n                        7, Windows NT 4.0\nVulnerability:          ibm-websphere-reveals-path\nX-Force URL:            http://xforce.iss.net/static/6371.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Term 5.0, QVT/Net 5.0\nVulnerability:          qpc-ftpd-bo\nX-Force URL:            http://xforce.iss.net/static/6376.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC ftpd directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     QVT/Net 5.0, QVT/Term 5.0\nVulnerability:          qpc-ftpd-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6375.php\n\nDate Reported:          04/13/2001\nBrief Description:      QPC popd buffer overflow\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QVT/Net 5.0\nVulnerability:          qpc-popd-bo\nX-Force URL:            http://xforce.iss.net/static/6374.php\n\nDate Reported:          04/13/2001\nBrief Description:      NCM Content Management System access database\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     NCM Content Management System\nVulnerability:          ncm-content-database-access\nX-Force URL:            http://xforce.iss.net/static/6386.php\n\nDate Reported:          04/13/2001\nBrief Description:      Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor:            
Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Netscape SmartDownload 1.3, Windows NT, Windows\n                        95, Windows 98\nVulnerability:          netscape-smartdownload-sdph20-bo\nX-Force URL:            http://xforce.iss.net/static/6403.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer accept buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-accept-bo\nX-Force URL:            http://xforce.iss.net/static/6404.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer cancel buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-cancel-bo\nX-Force URL:            http://xforce.iss.net/static/6406.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer disable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-disable-bo\nX-Force URL:            http://xforce.iss.net/static/6407.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer enable buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-enable-bo\nX-Force URL:            http://xforce.iss.net/static/6409.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lp buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lp-bo\nX-Force URL:            http://xforce.iss.net/static/6410.php\n\nDate Reported:          04/13/2001\nBrief 
Description:      SCO OpenServer lpfilter buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpfilter-bo\nX-Force URL:            http://xforce.iss.net/static/6411.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpstat buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpstat-bo\nX-Force URL:            http://xforce.iss.net/static/6413.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer reject buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-reject-bo\nX-Force URL:            http://xforce.iss.net/static/6414.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer rmail buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-rmail-bo\nX-Force URL:            http://xforce.iss.net/static/6415.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer tput buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-tput-bo\nX-Force URL:            http://xforce.iss.net/static/6416.php\n\nDate Reported:          04/13/2001\nBrief Description:      IBM WebSphere CGI macro denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n                        4.3.x, Solaris 7\nVulnerability:          ibm-websphere-macro-dos\nX-Force URL:            
http://xforce.iss.net/static/6372.php\n\nDate Reported:          04/13/2001\nBrief Description:      SCO OpenServer lpmove buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     SCO Openserver 5.0.0 to 5.0.6\nVulnerability:          sco-openserver-lpmove-bo\nX-Force URL:            http://xforce.iss.net/static/6412.php\n\nDate Reported:          04/14/2001\nBrief Description:      Siemens Reliant Unix ppd -T symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n                        Unix 5.44\nVulnerability:          reliant-unix-ppd-symlink\nX-Force URL:            http://xforce.iss.net/static/6408.php\n\nDate Reported:          04/15/2001\nBrief Description:      Linux Exuberant Ctags package symbolic link\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, exuberant-ctags\nVulnerability:          exuberant-ctags-symlink\nX-Force URL:            http://xforce.iss.net/static/6388.php\n\nDate Reported:          04/15/2001\nBrief Description:      processit.pl CGI could allow attackers to view\n                        sensitive information about the Web server\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     processit.pl\nVulnerability:          processit-cgi-view-info\nX-Force URL:            http://xforce.iss.net/static/6385.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft ISA Server Web Proxy denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft ISA Server 2000\nVulnerability:          isa-web-proxy-dos\nX-Force URL:            http://xforce.iss.net/static/6383.php\n\nDate Reported:          04/16/2001\nBrief Description:      Microsoft Internet Explorer altering CLSID\n                        action allows malicious 
file execution\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Windows 2000, Internet Explorer 5.5, Windows 98                       \nVulnerability:          ie-clsid-execute-files\nX-Force URL:            http://xforce.iss.net/static/6426.php\n\nDate Reported:          04/16/2001\nBrief Description:      Cisco Catalyst 5000 series switch 802.1x denial\n                        of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Cisco Catalyst 5000 Series\nVulnerability:          cisco-catalyst-8021x-dos\nX-Force URL:            http://xforce.iss.net/static/6379.php\n\nDate Reported:          04/16/2001\nBrief Description:      BubbleMon allows users to gain elevated \n                        privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     BubbleMon prior to 1.32, FreeBSD\nVulnerability:          bubblemon-elevate-privileges\nX-Force URL:            http://xforce.iss.net/static/6378.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6391.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field allows attacker to upload\n                        files\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 2000 1.0\nVulnerability:          dcforum-az-file-upload\nX-Force URL:            http://xforce.iss.net/static/6393.php\n\nDate Reported:          04/16/2001\nBrief Description:      DCForum CGI az= field EXPR allows attacker to\n                        execute commands\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     DCForum 
2000 1.0\nVulnerability:          dcforum-az-expr\nX-Force URL:            http://xforce.iss.net/static/6392.php\n\nDate Reported:          04/16/2001\nBrief Description:      Linux NetFilter IPTables\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability:          linux-netfilter-iptables\nX-Force URL:            http://xforce.iss.net/static/6390.php\n\nDate Reported:          04/17/2001\nBrief Description:      Xitami Web server denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability:          xitami-server-dos\nX-Force URL:            http://xforce.iss.net/static/6389.php\n\nDate Reported:          04/17/2001\nBrief Description:      Samba tmpfile symlink attack could allow\n                        elevated privileges\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n                        Progeny Linux, Caldera OpenLinux eBuilder,\n                        Trustix Secure Linux 1.01, Mandrake Linux \n                        Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n                        Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n                        Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n                        OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability:          samba-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6396.php\n\nDate Reported:          04/17/2001\nBrief Description:      GoAhead WebServer \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability:          goahead-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6400.php\n\nDate Reported:          
04/17/2001\nBrief Description:      AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     SimpleServer:WWW 1.03 to 1.08\nVulnerability:          analogx-simpleserver-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6395.php\n\nDate Reported:          04/17/2001\nBrief Description:      Viking Server hexadecimal URL encoded format\n                        directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server prior to 1.07-381\nVulnerability:          viking-hex-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6394.php\n\nDate Reported:          04/17/2001\nBrief Description:      Solaris FTP server allows attacker to recover\n                        shadow file\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     Solaris 2.6\nVulnerability:          solaris-ftp-shadow-recovery\nX-Force URL:            http://xforce.iss.net/static/6422.php\n\nDate Reported:          04/18/2001\nBrief Description:      The Bat! pop3 denial of service\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     The Bat! 
1.51, Windows\nVulnerability:          thebat-pop3-dos\nX-Force URL:            http://xforce.iss.net/static/6423.php\n\nDate Reported:          04/18/2001\nBrief Description:      Eudora allows attacker to obtain files using\n                        plain text attachments\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Eudora 5.0.2\nVulnerability:          eudora-plain-text-attachment\nX-Force URL:            http://xforce.iss.net/static/6431.php\n\nDate Reported:          04/18/2001\nBrief Description:      VMware vmware-mount.pl symlink\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     VMware\nVulnerability:          vmware-mount-symlink\nX-Force URL:            http://xforce.iss.net/static/6420.php\n\nDate Reported:          04/18/2001\nBrief Description:      KFM tmpfile symbolic link could allow local\n                        attackers to overwrite files\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 7.0, K File Manager (KFM)\nVulnerability:          kfm-tmpfile-symlink\nX-Force URL:            http://xforce.iss.net/static/6428.php\n\nDate Reported:          04/18/2001\nBrief Description:      CyberScheduler timezone remote buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     CyberScheduler, Mandrake Linux, Windows 2000,\n                        IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n                        Slackware Linux, Red Hat Linux, IIS 4.0, Debian\n                        Linux, Solaris 2.5, Solaris 2.6, Caldera \n                        OpenLinux, Windows NT\nVulnerability:          cyberscheduler-timezone-bo\nX-Force URL:            http://xforce.iss.net/static/6401.php\n\nDate Reported:          04/18/2001\nBrief Description:      Microsoft Data Access Component Internet\n                        Publishing Provider allows WebDAV access\nRisk 
Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Microsoft Data Access Component 8.103.2519.0,\n                        Windows 95, Windows NT 4.0, Windows 98, Windows\n                        98 Second Edition, Windows 2000, Windows ME \nVulnerability:          ms-dacipp-webdav-access\nX-Force URL:            http://xforce.iss.net/static/6405.php\n\nDate Reported:          04/18/2001\nBrief Description:      Oracle tnslsnr80.exe denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability:          oracle-tnslsnr80-dos\nX-Force URL:            http://xforce.iss.net/static/6427.php\n\nDate Reported:          04/18/2001\nBrief Description:      innfeed -c flag buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Red Hat Linux, Slackware Linux, Mandrake Linux,\n                        INN prior to 2.3.1\nVulnerability:          innfeed-c-bo\nX-Force URL:            http://xforce.iss.net/static/6398.php\n\nDate Reported:          04/18/2001\nBrief Description:      iPlanet Calendar Server stores username and\n                        password in plaintext\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     iPlanet Calendar Server 5.0p2\nVulnerability:          iplanet-calendar-plaintext-password\nX-Force URL:            http://xforce.iss.net/static/6402.php\n\nDate Reported:          04/18/2001\nBrief Description:      Linux NEdit symlink when printing\nRisk Factor:            High\nAttack Type:            Host Based\nPlatforms Affected:     SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n                        2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n                        SuSE Linux 7.0, Mandrake Linux Corporate Server\n                        1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability:          
nedit-print-symlink\nX-Force URL:            http://xforce.iss.net/static/6424.php\n\nDate Reported:          04/19/2001\nBrief Description:      CheckBO TCP buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     CheckBO 1.56 and earlier\nVulnerability:          checkbo-tcp-bo\nX-Force URL:            http://xforce.iss.net/static/6436.php\n\nDate Reported:          04/19/2001\nBrief Description:      HP-UX pcltotiff uses insecure permissions\nRisk Factor:            Medium\nAttack Type:            Host Based\nPlatforms Affected:     HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n                        HP-UX 10.26\nVulnerability:          hp-pcltotiff-insecure-permissions\nX-Force URL:            http://xforce.iss.net/static/6447.php\n\nDate Reported:          04/19/2001\nBrief Description:      Netopia Timbuktu allows unauthorized system\n                        access\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Timbuktu Pro, Macintosh OS X\nVulnerability:          netopia-timbuktu-gain-access\nX-Force URL:            http://xforce.iss.net/static/6452.php\n\nDate Reported:          04/20/2001\nBrief Description:      Cisco CBOS could allow attackers to gain \n                        privileged information\nRisk Factor:            High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability:          cisco-cbos-gain-information\nX-Force URL:            http://xforce.iss.net/static/6453.php\n\nDate Reported:          04/20/2001\nBrief Description:      Internet Explorer 5.x allows active scripts \n                        using XML stylesheets\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Internet Explorer 5.x, Outlook Express 5.x\nVulnerability:          ie-xml-stylesheets-scripting\nX-Force URL:            
http://xforce.iss.net/static/6448.php\n\nDate Reported:          04/20/2001\nBrief Description:      Linux gftp format string\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     gftp prior to 2.0.8, Mandrake Linux 8.0, \n                        Mandrake Linux Corporate Server 1.0.1, Immunix\n                        Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n                        7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n                        Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n                        Linux 7.0\nVulnerability:          gftp-format-string\nX-Force URL:            http://xforce.iss.net/static/6478.php\n\nDate Reported:          04/20/2001\nBrief Description:      Novell BorderManager VPN client SYN requests \n                        denial of service\nRisk Factor:            Medium\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Novell BorderManager 3.5\nVulnerability:          bordermanager-vpn-syn-dos\nX-Force URL:            http://xforce.iss.net/static/6429.php\n\nDate Reported:          04/20/2001\nBrief Description:      SAFT sendfiled could allow the execution of\n                        arbitrary code\nRisk Factor:            Low\nAttack Type:            Host Based\nPlatforms Affected:     Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability:          saft-sendfiled-execute-code\nX-Force URL:            http://xforce.iss.net/static/6430.php\n\nDate Reported:          04/21/2001\nBrief Description:      Mercury MTA for Novell Netware buffer overflow\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability:          mercury-mta-bo\nX-Force URL:            http://xforce.iss.net/static/6444.php\n\nDate Reported:          04/21/2001\nBrief Description:      QNX allows attacker to read files on FAT \n                        partition\nRisk Factor:            
High\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     QNX 2.4\nVulnerability:          qnx-fat-file-read\nX-Force URL:            http://xforce.iss.net/static/6437.php\n\nDate Reported:          04/23/2001\nBrief Description:      Viking Server \"dot dot\" (\\...\\) directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Viking Server 1.0.7\nVulnerability:          viking-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6450.php\n\nDate Reported:          04/24/2001\nBrief Description:      NetCruiser Web Server could reveal directory\n                        path\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     NetCruiser Web Server 0.1.2.8\nVulnerability:          netcruiser-server-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6468.php\n\nDate Reported:          04/24/2001\nBrief Description:      Perl Web Server directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Perl Web Server 0.3 and prior\nVulnerability:          perl-webserver-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6451.php\n\nDate Reported:          04/24/2001\nBrief Description:      Small HTTP Server /aux denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Small HTTP Server 2.03\nVulnerability:          small-http-aux-dos\nX-Force URL:            http://xforce.iss.net/static/6446.php\n\nDate Reported:          04/24/2001\nBrief Description:      IPSwitch IMail SMTP daemon mailing list handler\n                        buffer overflow\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     IPSwitch Imail 6.06 and earlier\nVulnerability:          ipswitch-imail-smtp-bo\nX-Force URL:            
http://xforce.iss.net/static/6445.php\n\nDate Reported:          04/25/2001\nBrief Description:      MIT Kerberos 5 could allow attacker to gain root\n                        access by injecting base64-encoded data\nRisk Factor:            Low\nAttack Type:            Network Based\nPlatforms Affected:     MIT Kerberos 5\nVulnerability:          kerberos-inject-base64-encode\nX-Force URL:            http://xforce.iss.net/static/6454.php\n\nDate Reported:          04/26/2001\nBrief Description:      IRIX netprint -n allows attacker to access\n                        shared library\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     IRIX 6.x\nVulnerability:          irix-netprint-shared-library\nX-Force URL:            http://xforce.iss.net/static/6473.php\n\nDate Reported:          04/26/2001\nBrief Description:      WebXQ \"dot dot\" directory traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Windows, WebXQ 2.1.204\nVulnerability:          webxq-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6466.php\n\nDate Reported:          04/26/2001\nBrief Description:      RaidenFTPD \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability:          raidenftpd-dot-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6455.php\n\nDate Reported:          04/27/2001\nBrief Description:      PerlCal CGI cal_make.pl script directory\n                        traversal\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     Unix, PerlCal 2.95 and prior\nVulnerability:          perlcal-calmake-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6480.php\n\nDate Reported:          04/28/2001\nBrief Description:      ICQ Web Front plugin 
denial of service\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability:          icq-webfront-dos\nX-Force URL:            http://xforce.iss.net/static/6474.php\n\nDate Reported:          04/28/2001\nBrief Description:      Alex FTP Server \"dot dot\" directory traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     Alex\u0027s FTP Server 0.7\nVulnerability:          alex-ftp-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6475.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver FTP path disclosure\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-ftp-path-disclosure\nX-Force URL:            http://xforce.iss.net/static/6477.php\n\nDate Reported:          04/28/2001\nBrief Description:      BRS WebWeaver Web server \"dot dot\" directory\n                        traversal\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BRS WebWeaver 0.63\nVulnerability:          webweaver-web-directory-traversal\nX-Force URL:            http://xforce.iss.net/static/6476.php\n\nDate Reported:          04/29/2001\nBrief Description:      Winamp AIP buffer overflow\nRisk Factor:            Low\nAttack Type:            Host Based / Network Based\nPlatforms Affected:     Winamp 2.6x and 2.7x\nVulnerability:          winamp-aip-bo\nX-Force URL:            http://xforce.iss.net/static/6479.php\n\nDate Reported:          04/29/2001\nBrief Description:      BearShare \"dot dot\" allows remote attacker to traverse\n                        directories and download any file\nRisk Factor:            Medium\nAttack Type:            Network Based\nPlatforms Affected:     BearShare 2.2.2 and prior, Windows 95, Windows\n                        98, Windows 
ME\nVulnerability:          bearshare-dot-download-files\nX-Force URL:            http://xforce.iss.net/static/6481.php\n\nDate Reported:          05/01/2001\nBrief Description:      IIS 5.0 ISAPI extension buffer overflow\nRisk Factor:            High\nAttack Type:            Network Based\nPlatforms Affected:     IIS 5.0, Windows 2000 Server, Windows 2000\n                        Advanced Server, Windows 2000 Datacenter Server\nVulnerability:          iis-isapi-bo\nX-Force URL:            http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n        High    Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business.  
With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies.  Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East.  For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. 
",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          },
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "BID",
            "id": "2565"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          }
        ],
        "trust": 5.13
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "2540",
            "trust": 3.5
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414",
            "trust": 2.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#970472",
            "trust": 1.6
          },
          {
            "db": "OSVDB",
            "id": "805",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "2565",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6349",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6347",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6423",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "2571",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "2636",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "6321",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010418 IBM MSS OUTSIDE ADVISORY REDISTRIBUTION: IBM AIX: BUFFER OVERFLOW VULNERABILITY IN (X)NTP",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010404 NTPD =\u003c 4.0.99K REMOTE BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010406 IMMUNIX OS SECURITY UPDATE FOR NTP AND XNTP3",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010409 [ESA-20010409-01] XNTP BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010413 PROGENY-SA-2001-02A: [UPDATE] NTPD REMOTE BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010405 RE: NTPD =\u003c 4.0.99K REMOTE BUFFER OVERFLOW]",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010409 NTP-4.99K23.TAR.GZ IS AVAILABLE",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010408 [SLACKWARE-SECURITY] BUFFER OVERFLOW FIX FOR NTP",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010409 PROGENY-SA-2001-02: NTPD REMOTE BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010409 NTPD - NEW DEBIAN 2.2 (POTATO) VERSION IS ALSO VULNERABLE",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2001:045",
            "trust": 0.6
          },
          {
            "db": "MANDRAKE",
            "id": "MDKSA-2001:036",
            "trust": 0.6
          },
          {
            "db": "NETBSD",
            "id": "NETBSD-SA2001-004",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-045",
            "trust": 0.6
          },
          {
            "db": "SUSE",
            "id": "SUSE-SA:2001:10",
            "trust": 0.6
          },
          {
            "db": "CONECTIVA",
            "id": "CLA-2001:392",
            "trust": 0.6
          },
          {
            "db": "FREEBSD",
            "id": "FREEBSD-SA-01:31",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:3831",
            "trust": 0.6
          },
          {
            "db": "CALDERA",
            "id": "CSSA-2001-013",
            "trust": 0.6
          },
          {
            "db": "SCO",
            "id": "SSE073",
            "trust": 0.6
          },
          {
            "db": "SCO",
            "id": "SSE074",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "6382",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6475",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6343",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6386",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6328",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6333",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6334",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6376",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6345",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6422",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6322",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6378",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6342",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6453",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6405",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6377",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6428",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6450",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6332",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6410",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6478",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6359",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6485",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6414",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6371",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6477",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6395",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6394",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6353",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6466",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6481",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6329",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6372",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6348",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6437",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6367",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6411",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6452",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6354",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6344",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6356",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6420",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6424",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6365",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6415",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6416",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6412",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6391",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6447",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6362",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6408",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6331",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6431",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6479",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6429",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6392",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6396",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6480",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6351",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6468",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6366",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6327",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6474",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6319",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6403",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6413",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6388",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6363",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6454",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6364",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6400",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6339",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6455",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6341",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6318",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6436",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6448",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6320",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6385",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6379",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6402",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6426",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6323",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6369",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6336",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6427",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6446",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6368",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6389",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6357",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6476",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6401",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6326",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6340",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6337",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6473",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6375",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6409",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6390",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6335",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6393",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6350",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6324",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6445",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6404",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6360",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6398",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6430",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6406",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6444",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6330",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6355",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6407",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6374",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6383",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6451",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "BID",
            "id": "2565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "id": "VAR-200106-0170",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2024-07-30T19:36:24.428000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX0104-148",
            "trust": 0.8,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0104-148"
          },
          {
            "title": "HPSBUX0104-148",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0104-148.html"
          },
          {
            "title": "RHSA-2001:045",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2001-045.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://jp.sun.com/"
          },
          {
            "title": "RHSA-2001:045",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2001-045j.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://www.securityfocus.com/bid/2540"
          },
          {
            "trust": 2.4,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa2001-004.txt.asc"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/advisories/3208"
          },
          {
            "trust": 1.6,
            "url": "http://www.linux-mandrake.com/en/security/2001/mdksa-2001-036.php3"
          },
          {
            "trust": 1.6,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-045.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.osvdb.org/805"
          },
          {
            "trust": 1.6,
            "url": "http://www.calderasystems.com/support/security/advisories/cssa-2001-013.0.txt"
          },
          {
            "trust": 1.6,
            "url": "http://lists.suse.com/archives/suse-security-announce/2001-apr/0000.html"
          },
          {
            "trust": 1.6,
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000392"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html"
          },
          {
            "trust": 1.6,
            "url": "ftp://ftp.sco.com/sse/sse074.ltr"
          },
          {
            "trust": 1.6,
            "url": "ftp://ftp.sco.com/sse/sse073.ltr"
          },
          {
            "trust": 1.6,
            "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-01:31.ntpd.asc"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98642418618512\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98654963328381\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98659782815613\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98679815917014\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98683952401753\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98684202610470\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98684532921941\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6321"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a3831"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2001/dsa-045"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6349.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6347.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6423.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c?r1+=1.1\u0026r2=1.2"
          },
          {
            "trust": 0.8,
            "url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/ntp/files/patch-ntp_control.c (patch for ntp-4.0.99k)"
          },
          {
            "trust": 0.8,
            "url": "http://www.faqs.org/rfcs/rfc1305.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ntp.org/"
          },
          {
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0\u0026doc=secbull%2f211\u0026display=plain"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2571"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2565"
          },
          {
            "trust": 0.8,
            "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2636"
          },
          {
            "trust": 0.8,
            "url": "http://www.ritlabs.com/the_bat/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0414"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0414"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/970472"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6321.php"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98651866104663\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98684532921941\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98684202610470\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98683952401753\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98679815917014\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98659782815613\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98654963328381\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98642418618512\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:3831"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/ntp-pub.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.ntp.org"
          },
          {
            "trust": 0.3,
            "url": "http://support.coresecurity.com/impact/exploits/1d0617f506101c3c4db122dc40236f69.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.lotus.com/home.nsf/welcome/domino"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6323.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6330.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6392.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6444.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6455.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6468.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6452.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6327.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6395.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6485.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6402.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6362.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6366.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6336.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6451.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6334.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6406.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6427.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.iss.net"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6351.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6343.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6326.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6319.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6344.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6398.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6428.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6353.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6356.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6390.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6450.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6446.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6368.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6332.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6359.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6376.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6354.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6378.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6374.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6394.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6383.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6411.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6414.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6481.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6365.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6382.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6403.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6324.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6329.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6437.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6388.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6415.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6424.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6342.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6337.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6357.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6348.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6407.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6379.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6389.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6436.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6466.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6412.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6448.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6400.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6318.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6478.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6454.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6372.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6420.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6335.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6345.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6479.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6355.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6364.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6476.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6393.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6391.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6341.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6371.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6429.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6369.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6405.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6431.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6422.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6410.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6360.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6401.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6413.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6474.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6477.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6385.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6473.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6328.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6377.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6416.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6339.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6367.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6445.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6453.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6375.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6475.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6430.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6340.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6396.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6426.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6331.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6386.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6350.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6333.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6480.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6409.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6447.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6404.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6320.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6408.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6322.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6363.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "BID",
            "id": "2565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "BID",
            "id": "2565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-04-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "date": "2001-07-23T00:00:00",
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "date": "2001-07-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "date": "2001-06-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "date": "2001-04-04T00:00:00",
            "db": "BID",
            "id": "2540"
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2565"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "date": "2001-05-16T01:07:09",
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "date": "2001-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "date": "2001-06-18T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-05-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#970472"
          },
          {
            "date": "2001-07-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#676552"
          },
          {
            "date": "2001-07-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#601312"
          },
          {
            "date": "2001-08-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#310816"
          },
          {
            "date": "2007-11-05T17:05:00",
            "db": "BID",
            "id": "2540"
          },
          {
            "date": "2001-04-11T00:00:00",
            "db": "BID",
            "id": "2565"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000046"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          },
          {
            "date": "2017-10-10T01:29:43.233000",
            "db": "NVD",
            "id": "CVE-2001-0414"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ntpd Remote Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "2540"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-110"
          }
        ],
        "trust": 0.9
      }
    }

    CVE-2003-1408 (GCVE-0-2003-1408)

    Vulnerability from cvelistv5 – Published: 2007-10-20 10:00 – Updated: 2024-08-08 02:28
    Summary
    Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.securityfocus.com/archive/1/311806 | mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/6841 | vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/311660 | mailing-list, x_refsource_BUGTRAQ
    Date Public
    2003-02-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/311806"
              },
              {
                "name": "lotus-domino-dot-file-download(11311)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
              },
              {
                "name": "6841",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6841"
              },
              {
                "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/311660"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/311806"
            },
            {
              "name": "lotus-domino-dot-file-download(11311)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
            },
            {
              "name": "6841",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6841"
            },
            {
              "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/311660"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/311806"
                },
                {
                  "name": "lotus-domino-dot-file-download(11311)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
                },
                {
                  "name": "6841",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6841"
                },
                {
                  "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/311660"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1408",
        "datePublished": "2007-10-20T10:00:00.000Z",
        "dateReserved": "2007-10-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-2191 (GCVE-0-2002-2191)

    Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-09-16 19:36
    Summary
    Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.securityfocus.com/archive/1/298874/200… | mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/6128 | vdb-entry, x_refsource_BID
    http://www.iss.net/security_center/static/10557.php | vdb-entry, x_refsource_XF

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:51:17.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20021107 Lotus Domino HTTP Server security issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
              },
              {
                "name": "6128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6128"
              },
              {
                "name": "lotus-domino-version-disclosure(10557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/10557.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-16T21:17:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20021107 Lotus Domino HTTP Server security issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
            },
            {
              "name": "6128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6128"
            },
            {
              "name": "lotus-domino-version-disclosure(10557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/10557.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-2191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20021107 Lotus Domino HTTP Server security issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
                },
                {
                  "name": "6128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6128"
                },
                {
                  "name": "lotus-domino-version-disclosure(10557)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/10557.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-2191",
        "datePublished": "2005-11-16T21:17:00.000Z",
        "dateReserved": "2005-11-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:48.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1445 (GCVE-0-2001-1445)

    Vulnerability from cvelistv5 – Published: 2005-04-21 04:00 – Updated: 2024-08-08 04:58
    Summary
    Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.kb.cert.org/vuls/id/176972 | third-party-advisory, x_refsource_CERT-VN
    http://www-1.ibm.com/support/docview.wss?rs=899&u… | x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    Date Public
    2001-03-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:58:09.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#176972",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/176972"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-1.ibm.com/support/docview.wss?rs=899\u0026uid=swg21085603"
              },
              {
                "name": "lotus-domino-smtp-mail-relay(6591)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6591"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in \"RCPT TO\" commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#176972",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/176972"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-1.ibm.com/support/docview.wss?rs=899\u0026uid=swg21085603"
            },
            {
              "name": "lotus-domino-smtp-mail-relay(6591)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6591"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in \"RCPT TO\" commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#176972",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/176972"
                },
                {
                  "name": "http://www-1.ibm.com/support/docview.wss?rs=899\u0026uid=swg21085603",
                  "refsource": "CONFIRM",
                  "url": "http://www-1.ibm.com/support/docview.wss?rs=899\u0026uid=swg21085603"
                },
                {
                  "name": "lotus-domino-smtp-mail-relay(6591)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6591"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1445",
        "datePublished": "2005-04-21T04:00:00.000Z",
        "dateReserved": "2005-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:58:09.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-1203 (GCVE-0-2000-1203)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 05:45
    Summary
    Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/209754 | mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=vuln-dev&m=95886062521327&w=2 | mailing-list, x_refsource_VULN-DEV
    http://www.securityfocus.com/bid/3212 | vdb-entry, x_refsource_BID
    http://www.securityfocus.com/cgi-bin/archive.pl?i… | mailing-list, x_refsource_BUGTRAQ
    Date Public
    2000-05-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:45:37.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "lotus-domino-bounced-message-dos(7012)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
              },
              {
                "name": "20010823 Lotus Domino DoS solution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/209754"
              },
              {
                "name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
              },
              {
                "name": "3212",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3212"
              },
              {
                "name": "20010820 Lotus Domino DoS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-25T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "lotus-domino-bounced-message-dos(7012)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
            },
            {
              "name": "20010823 Lotus Domino DoS solution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/209754"
            },
            {
              "name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
              "tags": [
                "mailing-list",
                "x_refsource_VULN-DEV"
              ],
              "url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
            },
            {
              "name": "3212",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3212"
            },
            {
              "name": "20010820 Lotus Domino DoS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-1203",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "lotus-domino-bounced-message-dos(7012)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
                },
                {
                  "name": "20010823 Lotus Domino DoS solution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/209754"
                },
                {
                  "name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
                  "refsource": "VULN-DEV",
                  "url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
                },
                {
                  "name": "3212",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3212"
                },
                {
                  "name": "20010820 Lotus Domino DoS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-1203",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:45:37.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1010 (GCVE-0-2002-1010)

    Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
    Summary
    Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://archives.neohapsis.com/archives/vulnwatch/… | mailing-list, x_refsource_VULNWATCH
    Date Public
    2002-07-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:12:16.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-09-10T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1010",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:12:16.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1408 (GCVE-0-2003-1408)

    Vulnerability from nvd – Published: 2007-10-20 10:00 – Updated: 2024-08-08 02:28
    Summary
    Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/311806 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/6841 vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/311660 mailing-list, x_refsource_BUGTRAQ
    Date Public
    2003-02-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:02.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/311806"
              },
              {
                "name": "lotus-domino-dot-file-download(11311)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
              },
              {
                "name": "6841",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6841"
              },
              {
                "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/311660"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/311806"
            },
            {
              "name": "lotus-domino-dot-file-download(11311)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
            },
            {
              "name": "6841",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6841"
            },
            {
              "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/311660"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/311806"
                },
                {
                  "name": "lotus-domino-dot-file-download(11311)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311"
                },
                {
                  "name": "6841",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6841"
                },
                {
                  "name": "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/311660"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1408",
        "datePublished": "2007-10-20T10:00:00.000Z",
        "dateReserved": "2007-10-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:02.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-2191 (GCVE-0-2002-2191)

    Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-09-16 19:36
    Summary
    Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/298874/200… mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/6128 vdb-entry, x_refsource_BID
    http://www.iss.net/security_center/static/10557.php vdb-entry, x_refsource_XF

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:51:17.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20021107 Lotus Domino HTTP Server security issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
              },
              {
                "name": "6128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6128"
              },
              {
                "name": "lotus-domino-version-disclosure(10557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/10557.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-16T21:17:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20021107 Lotus Domino HTTP Server security issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
            },
            {
              "name": "6128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6128"
            },
            {
              "name": "lotus-domino-version-disclosure(10557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/10557.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-2191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20021107 Lotus Domino HTTP Server security issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
                },
                {
                  "name": "6128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6128"
                },
                {
                  "name": "lotus-domino-version-disclosure(10557)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/10557.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-2191",
        "datePublished": "2005-11-16T21:17:00.000Z",
        "dateReserved": "2005-11-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:48.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1010 (GCVE-0-2002-1010)

    Vulnerability from nvd – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
    Summary
    Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-list, x_refsource_VULNWATCH
    Date Public
    2002-07-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:12:16.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-09-10T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1010",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:12:16.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0407 (GCVE-0-2002-0407)

    Vulnerability from nvd – Published: 2002-06-11 04:00 – Updated: 2024-08-08 02:49
    Summary
    htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/265380 mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=101310812804716&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/4406 vdb-entry, x_refsource_BID
    http://www.iss.net/security_center/static/8160.php vdb-entry, x_refsource_XF
    Date Public
    2002-02-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:49:28.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/265380"
              },
              {
                "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
              },
              {
                "name": "4406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4406"
              },
              {
                "name": "lotus-domino-reveal-information(8160)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8160.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/265380"
            },
            {
              "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
            },
            {
              "name": "4406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4406"
            },
            {
              "name": "lotus-domino-reveal-information(8160)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8160.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0407",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/265380"
                },
                {
                  "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
                },
                {
                  "name": "4406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4406"
                },
                {
                  "name": "lotus-domino-reveal-information(8160)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8160.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0407",
        "datePublished": "2002-06-11T04:00:00.000Z",
        "dateReserved": "2002-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:49:28.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }