Find a vulnerability
Search criteria
112 vulnerabilities by kerio
VAR-201103-0114
Vulnerability from variot - Updated: 2026-04-10 23:24The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch Kerio Postfix Qmail-TLS Oracle (note that the affected application is unknown) SCO Group spamdyke ISC. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ========================================================================== Ubuntu Security Notice USN-1113-1 April 18, 2011
postfix vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: CVE-2009-2939, CVE-2011-0411
Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33
http://security.gentoo.org/
Severity: High Title: Postfix: Multiple vulnerabilities Date: June 25, 2012 Bugs: #358085, #366605 ID: 201206-33
Synopsis
A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.
Background
Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy = to administer, and secure, as an alternative to the widely-used Sendmail program.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Postfix users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
[ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411 [ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is affected, fixes, and draw lessons about where we can expect similar problems. A time line is at the end.
For further reading: http://www.kb.cert.org/vuls/id/555316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html (extended writeup)
Wietse
Problem overview and impact
The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).
The problem discussed in this writeup is caused by a software flaw.
The injected commands could be used to steal the victim's email or SASL (Simple Authentication and Security Layer) username and password.
This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificates. These SMTP clients are always vulnerable to command injection and other attacks. Their TLS sessions are only encrypted but not protected.
A similar plaintext injection flaw may exist in the way SMTP clients handle SMTP-over-TLS server responses, but its impact is less interesting than the server-side flaw.
SMTP is not the only protocol with a mid-session switch from plaintext to TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations of these protocols may be affected by the same flaw as discussed here.
Demonstration
The problem is easy to demonstrate with a one-line change to the OpenSSL s_client command source code (I would prefer scripting, but having to install Perl CPAN modules and all their dependencies is more work than downloading a .tar.gz file from openssl.org, adding eight characters to one line, and doing "./config; make").
The OpenSSL s_client command can make a connection to servers that support straight TLS, SMTP over TLS, or a handful other protocols over TLS. The demonstration with SMTP over TLS involves a one-line change in the OpenSSL s_client source code (with OpenSSL 1.0.0, at line 1129 of file apps/s_client.c).
Old: BIO_printf(sbio,"STARTTLS\r\n"); New: BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");
With this change, the s_client command sends the plaintext STARTTLS command ("let's turn on TLS") immediately followed by an RSET command (a relatively harmless protocol "reset"). Both commands are sent as plaintext in the same TCP/IP packet, and arrive together at the server. The "\r\n" are the carriage-return and newline characters; these are necessary to terminate an SMTP command.
When an SMTP server has the plaintext injection flaw, it reads the STARTTLS command first, switches to SMTP-over-TLS mode, and only then the server reads the RSET command. Note, the RSET command was transmitted during the plaintext SMTP phase when there is no protection, but the server reads the command as if it was received over the TLS-protected channel.
Thus, when the SMTP server has the flaw, the s_client command output will show two "250" SMTP server responses instead of one. The first "250" response is normal, and is present even when the server is not flawed. The second "250" response is for the RSET command, and indicates that the SMTP server has the plaintext injection flaw.
$ apps/openssl s_client -quiet -starttls smtp -connect server:port [some server TLS certificate details omitted] 250 some text here <=== Normal response, also with "good" server. 250 more text here <=== RSET response, only with flawed server.
Anatomy of the flaw: it's all about the plumbing
Whether a program may have the plaintext injection flaw depends on how it adjusts the plumbing, as it inserts the TLS protocol layer in-between the SMTP protocol layer and the O/S TCP/IP protocol layer. I illustrate this with examples from three open source MTAs: Postfix, Sendmail and Exim. The diagram below is best viewed with a fixed-width font, for example, from the Courier family.
Postfix MTA Sendmail MTA Exim MTA
before/after before/after before/after
switch to TLS switch to TLS switch to TLS
SMTP SMTP SMTP SMTP SMTP SMTP <= SMTP layer
|| || || || || ||
stream stream stream stream' || || buffers buffers buffers buffers' rw r'w' <= stream layer rw r'w' rw r'w' || || || || || || || || || TLS || TLS || TLS <= TLS layer || || || || || || O/S O/S O/S O/S O/S O/S <= TCP/IP layer
As shown in the diagram, both Postfix and Sendmail use an application- level stream abstraction, where each stream has properties such as read/write buffers, read/write functions (indicated with rw), and other properties that are omitted for brevity.
When Postfix switches to SMTP over TLS, it replaces the plaintext read/write functions (rw) with the TLS read/write functions (r'w'). Postfix does not modify any of the other stream properties including the read/write buffers. A patch for qmail that introduces TLS support uses the same approach. This approach of replacing only the stream read/write functions, but not the buffers or other stream properties, can introduce the plaintext injection flaw.
When Sendmail switches to SMTP over TLS, it replaces the entire stream, along with its read/write buffers and read/write functions. Exim, on the other hand, does not seem to have a stream abstraction like Postfix, Sendmail or qmail. Instead of replacing streams or stream properties, Exim replaces plaintext read/write functions with TLS read/write functions. Because of their program structure, Sendmail and Exim didn't suffer from the plaintext injection flaw.
Fixing the problem
There are two solutions to address the flaw, and both solutions can be used together.
- Report an error when unexpected plaintext is received after the STARTTLS command. As documented in RFC 3207, STARTTLS must be the last command in a pipelined group. If plaintext commands are received after STARTTLS, then that is a protocol violation.
This measure can also be implemented outside the MTA, for example in a protocol-aware firewall.
- If a program uses the same input buffer before and after the switch to TLS, it should discard the contents of the input buffer, just like it discards SMTP protocol information that it received during the plaintext protocol phase.
Conclusion
This plaintext injection problem is likely to recur when some development moves the plaintext-to-ciphertext switch outside the application: for example, into the kernel, into the local hardware, into a proxy, or into other infrastructure. This encourages applications to use the same application-level streams and buffers and read/write functions before and after the switch to ciphertext. When this migration happens, plaintext injection becomes once more a possibility.
Time line
Jan 5 2011: While finishing Postfix for its annual release, I found and fixed this flaw in the SMTP server and client implementations, where it had been sitting ever since TLS support was adopted.
Jan 6-10 2011: As we investigated the scope of the problem, Victor Duchovni (co-developer) discovered that other implementations were also affected including security providers and security appliances.
Jan 11 2011: Contact CERT/CC to help coordinate with the problem's resolution.
Mar 7 2011: Public announcement, and Postfix legacy release updates.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html http://www.kb.cert.org/vuls/id/555316 http://www.securityfocus.com/archive/1/516901/30/0/threaded
Updated Packages:
Mandriva Linux 2009.0: eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm 7051b04bff45730a0268c5b311361111 2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm
Mandriva Linux 2010.0: f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm
Mandriva Linux 2010.1: 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm 8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm
Corporate 4.0: 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm 872c28155eb6276ba0fd1001387ffac7 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.7"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.9"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.11"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.15"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.13"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.1"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.12"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.5"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.4"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.7"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.11"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.14"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.9"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.0"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.10"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.10"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.8"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.3"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.2"
},
{
"_id": null,
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.7"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"_id": null,
"model": "spamdyke",
"scope": "ne",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.4"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "groupware server 2.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.01"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.3"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.5"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "pure-ftpd",
"scope": "ne",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.30"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20011115"
},
{
"_id": null,
"model": "groupware server -rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.11"
},
{
"_id": null,
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.01"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.5"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.2"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.23"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "pure-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.29"
},
{
"_id": null,
"model": "groupware server 2.1.beta3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.0"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "groupware server",
"scope": "ne",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.2"
},
{
"_id": null,
"model": "inn",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.8"
},
{
"_id": null,
"model": "spamdyke",
"scope": "eq",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.31"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.13"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19991231"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"_id": null,
"model": "imap server",
"scope": "ne",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.7"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.3.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"_id": null,
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.2"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.1"
},
{
"_id": null,
"model": "groupware server 2.1beta2",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6-20080902"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "scooffice server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.2"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.3"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.12"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.4"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.11"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.1"
},
{
"_id": null,
"model": "netqmail",
"scope": "eq",
"trust": 0.3,
"vendor": "qmail smtpd auth",
"version": "0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.1"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.0.21"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.4"
},
{
"_id": null,
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "groupware server 2.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.8"
},
{
"_id": null,
"model": "groupware server beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20010228"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"_id": null,
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"_id": null,
"model": "starttls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "0"
},
{
"_id": null,
"model": "mailserver build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.17069"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.0"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "groupware server beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "venema postfix patchlevel",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.44"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.1"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"_id": null,
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.10"
},
{
"_id": null,
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19990906"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"_id": null,
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"credits": {
"_id": null,
"data": "Wietse Venema",
"sources": [
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "99053"
}
],
"trust": 0.4
},
"cve": "CVE-2011-0411",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-0411",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-0411",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"description": {
"_id": null,
"data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. (CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n postfix 2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n postfix 2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n postfix 2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n postfix 2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n postfix 2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Postfix: Multiple vulnerabilities\n Date: June 25, 2012\n Bugs: #358085, #366605\n ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =\nto\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-mta/postfix \u003c 2.7.4 \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is a writeup about a flaw that I found recently, and that\nexisted in multiple implementations of SMTP (Simple Mail Transfer\nProtocol) over TLS (Transport Layer Security) including my Postfix\nopen source mailserver. I give an overview of the problem and its\nimpact, how to find out if a server is affected, fixes, and draw\nlessons about where we can expect similar problems. A time line\nis at the end. \n\nFor further reading:\nhttp://www.kb.cert.org/vuls/id/555316 \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\nhttp://www.postfix.org/CVE-2011-0411.html (extended writeup)\n\n\tWietse\n\nProblem overview and impact\n===========================\n\nThe TLS protocol encrypts communication and protects it against\nmodification by other parties. This protection exists only if a)\nsoftware is free of flaws, and b) clients verify the server\u0027s TLS\ncertificate, so that there can be no \"man in the middle\" (servers\nusually don\u0027t verify client certificates). \n\nThe problem discussed in this writeup is caused by a software flaw. \n\nThe injected commands could be used to steal the victim\u0027s email or\nSASL (Simple Authentication and Security Layer) username and password. \n\nThis is not as big a problem as it may appear to be. The reason\nis that many SMTP client applications don\u0027t verify server TLS\ncertificates. These SMTP clients are always vulnerable to command\ninjection and other attacks. Their TLS sessions are only encrypted\nbut not protected. \n\nA similar plaintext injection flaw may exist in the way SMTP clients\nhandle SMTP-over-TLS server responses, but its impact is less\ninteresting than the server-side flaw. \n\nSMTP is not the only protocol with a mid-session switch from plaintext\nto TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations\nof these protocols may be affected by the same flaw as discussed here. \n\nDemonstration\n=============\n\nThe problem is easy to demonstrate with a one-line change to the\nOpenSSL s_client command source code (I would prefer scripting, but\nhaving to install Perl CPAN modules and all their dependencies is\nmore work than downloading a .tar.gz file from openssl.org, adding\neight characters to one line, and doing \"./config; make\"). \n\nThe OpenSSL s_client command can make a connection to servers that\nsupport straight TLS, SMTP over TLS, or a handful other protocols\nover TLS. The demonstration with SMTP over TLS involves a one-line\nchange in the OpenSSL s_client source code (with OpenSSL 1.0.0, at\nline 1129 of file apps/s_client.c). \n\nOld:\t\tBIO_printf(sbio,\"STARTTLS\\r\\n\");\nNew:\t\tBIO_printf(sbio,\"STARTTLS\\r\\nRSET\\r\\n\");\n\nWith this change, the s_client command sends the plaintext STARTTLS\ncommand (\"let\u0027s turn on TLS\") immediately followed by an RSET command\n(a relatively harmless protocol \"reset\"). Both commands are sent\nas plaintext in the same TCP/IP packet, and arrive together at the\nserver. The \"\\r\\n\" are the carriage-return and newline characters;\nthese are necessary to terminate an SMTP command. \n\nWhen an SMTP server has the plaintext injection flaw, it reads the\nSTARTTLS command first, switches to SMTP-over-TLS mode, and only\nthen the server reads the RSET command. Note, the RSET command was\ntransmitted during the plaintext SMTP phase when there is no\nprotection, but the server reads the command as if it was received\nover the TLS-protected channel. \n\nThus, when the SMTP server has the flaw, the s_client command output\nwill show two \"250\" SMTP server responses instead of one. The first\n\"250\" response is normal, and is present even when the server is\nnot flawed. The second \"250\" response is for the RSET command, and\nindicates that the SMTP server has the plaintext injection flaw. \n\n $ apps/openssl s_client -quiet -starttls smtp -connect server:port\n [some server TLS certificate details omitted]\n 250 some text here \u003c=== Normal response, also with \"good\" server. \n 250 more text here \u003c=== RSET response, only with flawed server. \n\nAnatomy of the flaw: it\u0027s all about the plumbing\n================================================\n\nWhether a program may have the plaintext injection flaw depends on\nhow it adjusts the plumbing, as it inserts the TLS protocol layer\nin-between the SMTP protocol layer and the O/S TCP/IP protocol\nlayer. I illustrate this with examples from three open source MTAs:\nPostfix, Sendmail and Exim. The diagram below is best viewed with\na fixed-width font, for example, from the Courier family. \n\n Postfix MTA Sendmail MTA Exim MTA\n before/after before/after before/after\n switch to TLS switch to TLS switch to TLS\n\n SMTP SMTP SMTP SMTP SMTP SMTP \u003c= SMTP layer\n || || || || || ||\n stream stream stream stream\u0027 || ||\n buffers buffers buffers buffers\u0027 rw r\u0027w\u0027 \u003c= stream layer\n rw r\u0027w\u0027 rw r\u0027w\u0027 || ||\n || || || || || ||\n || TLS || TLS || TLS \u003c= TLS layer\n || || || || || ||\n O/S O/S O/S O/S O/S O/S \u003c= TCP/IP layer\n\nAs shown in the diagram, both Postfix and Sendmail use an application-\nlevel stream abstraction, where each stream has properties such as\nread/write buffers, read/write functions (indicated with rw), and\nother properties that are omitted for brevity. \n\nWhen Postfix switches to SMTP over TLS, it replaces the plaintext\nread/write functions (rw) with the TLS read/write functions (r\u0027w\u0027). \nPostfix does not modify any of the other stream properties including\nthe read/write buffers. A patch for qmail that introduces TLS\nsupport uses the same approach. This approach of replacing only\nthe stream read/write functions, but not the buffers or other stream\nproperties, can introduce the plaintext injection flaw. \n\nWhen Sendmail switches to SMTP over TLS, it replaces the entire\nstream, along with its read/write buffers and read/write functions. \nExim, on the other hand, does not seem to have a stream abstraction\nlike Postfix, Sendmail or qmail. Instead of replacing streams or\nstream properties, Exim replaces plaintext read/write functions\nwith TLS read/write functions. Because of their program structure,\nSendmail and Exim didn\u0027t suffer from the plaintext injection flaw. \n\nFixing the problem\n==================\n\nThere are two solutions to address the flaw, and both solutions can\nbe used together. \n\n- Report an error when unexpected plaintext is received after the\n STARTTLS command. As documented in RFC 3207, STARTTLS must be\n the last command in a pipelined group. If plaintext commands are\n received after STARTTLS, then that is a protocol violation. \n\n This measure can also be implemented outside the MTA, for example\n in a protocol-aware firewall. \n\n- If a program uses the same input buffer before and after the\n switch to TLS, it should discard the contents of the input buffer,\n just like it discards SMTP protocol information that it received\n during the plaintext protocol phase. \n\nConclusion\n==========\n\nThis plaintext injection problem is likely to recur when some\ndevelopment moves the plaintext-to-ciphertext switch outside the\napplication: for example, into the kernel, into the local hardware,\ninto a proxy, or into other infrastructure. This encourages\napplications to use the same application-level streams and buffers\nand read/write functions before and after the switch to ciphertext. \nWhen this migration happens, plaintext injection becomes once more\na possibility. \n\nTime line\n=========\n\nJan 5 2011: While finishing Postfix for its annual release, I found\nand fixed this flaw in the SMTP server and client implementations,\nwhere it had been sitting ever since TLS support was adopted. \n\nJan 6-10 2011: As we investigated the scope of the problem, Victor\nDuchovni (co-developer) discovered that other implementations were\nalso affected including security providers and security appliances. \n\nJan 11 2011: Contact CERT/CC to help coordinate with the problem\u0027s\nresolution. \n\nMar 7 2011: Public announcement, and Postfix legacy release updates. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\n http://www.postfix.org/CVE-2011-0411.html\n http://www.kb.cert.org/vuls/id/555316\n http://www.securityfocus.com/archive/1/516901/30/0/threaded\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm\n 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm\n 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm\n 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm\n e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm\n ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm\n c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm\n 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm\n 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm\n e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm\n 7051b04bff45730a0268c5b311361111 2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm\n b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm\n 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm\n 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm\n 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm\n 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm \n e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm\n 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm\n 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm\n 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm\n 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm\n e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm \n e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm\n 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm\n a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm\n f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm\n 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm\n 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm\n 8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm \n c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm\n 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm\n c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm\n 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm\n 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm\n 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm\n dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm \n c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Corporate 4.0:\n 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm\n c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm\n 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm\n aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm\n c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm\n 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm \n f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm\n fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 872c28155eb6276ba0fd1001387ffac7 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm \n f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm\n bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm\n 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm\n 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm\n b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm\n bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm\n db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"trust": 2.8
},
{
"db": "BID",
"id": "46767",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "43646",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "43874",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0891",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0752",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0611",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "71021",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1025179",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/10/2",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "99457",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "114177",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99392",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107027",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99053",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-48356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101275",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"id": "VAR-201103-0114",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:24:36.765000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159437"
},
{
"title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
},
{
"title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
},
{
"title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
},
{
"title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
},
{
"title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
},
{
"title": "Ubuntu Security Notice: postfix vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1113-1"
},
{
"title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
},
{
"title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 2.4,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht5002"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/71021"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1025179"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43646"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43874"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
},
{
"trust": 0.3,
"url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"trust": 0.3,
"url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7"
},
{
"trust": 0.3,
"url": "https://www.isc.org/software/inn/2.5.3article"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p"
},
{
"trust": 0.3,
"url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt"
},
{
"trust": 0.3,
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"trust": 0.3,
"url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf"
},
{
"trust": 0.3,
"url": "http://www.spamdyke.org/documentation/changelog.txt"
},
{
"trust": 0.3,
"url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1"
},
{
"trust": 0.3,
"url": "/archive/1/516901"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100134676"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141041"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478"
},
{
"trust": 0.3,
"url": "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1113-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1/516901/30/0/threaded"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99457"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "99053"
},
{
"db": "PACKETSTORM",
"id": "99392"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"db": "BID",
"id": "46767",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "100558",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "107027",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99457",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114177",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99053",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99392",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101275",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"date": "2011-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"date": "2011-03-07T00:00:00",
"db": "BID",
"id": "46767",
"ident": null
},
{
"date": "2011-04-18T22:40:46",
"db": "PACKETSTORM",
"id": "100558",
"ident": null
},
{
"date": "2011-11-16T04:40:08",
"db": "PACKETSTORM",
"id": "107027",
"ident": null
},
{
"date": "2011-03-18T21:45:06",
"db": "PACKETSTORM",
"id": "99457",
"ident": null
},
{
"date": "2012-06-25T22:58:41",
"db": "PACKETSTORM",
"id": "114177",
"ident": null
},
{
"date": "2011-03-07T19:44:44",
"db": "PACKETSTORM",
"id": "99053",
"ident": null
},
{
"date": "2011-03-16T21:26:42",
"db": "PACKETSTORM",
"id": "99392",
"ident": null
},
{
"date": "2011-05-10T18:42:48",
"db": "PACKETSTORM",
"id": "101275",
"ident": null
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"date": "2011-03-16T22:55:02.717000",
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316",
"ident": null
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-48356",
"ident": null
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411",
"ident": null
},
{
"date": "2015-04-13T21:35:00",
"db": "BID",
"id": "46767",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-0411",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.6
}
}
VAR-201109-0130
Vulnerability from variot - Updated: 2026-04-10 22:16The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs:
http://secunia.com/resources/events/sc_2011/
TITLE: IBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness
SECUNIA ADVISORY ID: SA46791
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46791
RELEASE DATE: 2011-11-11
DISCUSS ADVISORY: http://secunia.com/advisories/46791/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46791/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46791
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness has been reported in IBM Lotus Domino, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
SOLUTION: As a workaround enable RC4 encryption (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Thai Duong and Juliano Rizzo
ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21568229
IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/70069
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940).
A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).
A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely.
Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876).
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150).
The updated packages have been patched to correct these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP4cpsmqjQ0CJFipgRAns2AKCf6yQzu1AwCPejS+sWBnfY717HLQCeIefL NJQbNxUlwmb1w7aFZIt0vdU= =3Vdc -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551)
It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)
It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. (CVE-2011-3553)
It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)
It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2012-032: RSA BSAFE\xae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
EMC Identifier: ESA-2012-032
CVE Identifier: CVE-2011-3389
Severity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products:
All versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms
Unaffected Products:
RSA BSAFE Micro Edition Suite 4.0 and higher
Summary:
RSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)
Details:
There is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.
The BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.
Recommendation:
The best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.
A second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.
For customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows:
\x951. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest. \x952. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block. \x953. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own. To implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier.
For more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide.
Severity Rating:
For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information:
http://www.rsa.com/node.aspx?id=1264
RSA SecurCare Online:
https://knowledge.rsasecurity.com
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.rsa.com/node.aspx?id=2575
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.
EMC Product Security Response Center
Security_Alert@EMC.COM
http://www.emc.com/contact-us/contact/product-security-response-center.html
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Cygwin)
iEYEARECAAYFAlBKOMwACgkQtjd2rKp+ALw1HQCfezG65rzhhtvVQAFkXzXQmthr Cc8An3CJlTmuxBfF1dHt/NvQgKED9eR4 =++hy -----END PGP SIGNATURE----- . The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-3389
This update enables OpenSSL workarounds against the "BEAST" attack. Additional information can be found in the Curl advisory: http://curl.haxx.se/docs/adv_20120124B.html
CVE-2012-0036
Dan Fandrich discovered that Curl performs insufficient sanitising when extracting the file path part of an URL.
For the oldstable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny6.
For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 7.24.0-1.
We recommend that you upgrade your curl packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2012:0508-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0508.html Issue date: 2012-04-23 CVE Names: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 =====================================================================
- Summary:
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm
ppc: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc64.rpm
s390x: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390x.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
ppc64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm
s390x: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://www.redhat.com/security/data/cve/CVE-2012-0507.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667
CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative
Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652
International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599
Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher
Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048
Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389
USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.
For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03316985
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03316985 Version: 1
HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-05-15 Last Updated: 2012-05-15
Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information.
References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is providing the following Java updates to resolve the vulnerabilities. The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jpi14.JPI14-COM Jpi14.JPI14-COM-DOC Jpi14.JPI14-IPF32 Jpi14.JPI14-PA11 Jdk14.JDK14-COM Jdk14.JDK14-DEMO Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W Jdk14.JDK14-PNV2 Jdk14.JDK14-PWV2 Jre14.JRE14-COM Jre14.JRE14-COM-DOC Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-PNV2 Jre14.JRE14-PNV2-H Jre14.JRE14-PWV2 Jre14.JRE14-PWV2-H action: install revision 1.4.2.28.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "web server 02-04-/a",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-02"
},
{
"_id": null,
"model": "simatic rf68xr",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"_id": null,
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "simatic rf615r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": "windows",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.1"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.04"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "web server 01-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre 1.4.2 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jre 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "sdk 1.4.2 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.4.2 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"_id": null,
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk .0 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server 01-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator for service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk .0 4",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 1.4.2 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.4.2 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre 1.4.2 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus operator for service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "web server 01-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"_id": null,
"model": "ucosminexus client )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator for service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "web server 02-04-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 28",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "cosminexus http server windows",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "01-02"
},
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre .0 02",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "cosminexus http server windows",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus client )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jre 1.4.2 27",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "ucosminexus operator for service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x640"
},
{
"_id": null,
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "fusion middleware 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.17"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"_id": null,
"model": "java se sr8 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.11"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.2"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.53"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.14.1"
},
{
"_id": null,
"model": "windows server for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.50"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.63"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista business 64-bit edition x64-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"_id": null,
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"_id": null,
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"_id": null,
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.30"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.2.1"
},
{
"_id": null,
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01(x64)"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "java se sr12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "windows server standard edition gold itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "flex system imm2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"_id": null,
"model": "windows server r2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"_id": null,
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows xp media center edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.51"
},
{
"_id": null,
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"_id": null,
"model": "windows server r2 web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"_id": null,
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista home basic sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"_id": null,
"model": "ucosminexus client for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java sdk sr10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "vplex geosynchrony sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"_id": null,
"model": "forms and reports 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.1.2.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"_id": null,
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "flex system chassis management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x640"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "software opera web browser 1win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "flex system imm2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.00"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"_id": null,
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "jrockit r28.0.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.51"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.21.6"
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java (windows(x8",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "11.51"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.54"
},
{
"_id": null,
"model": "windows server sp2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-x64"
},
{
"_id": null,
"model": "system networking ethernet switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.51"
},
{
"_id": null,
"model": "windows server gold standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "jrockit r28.1.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.10"
},
{
"_id": null,
"model": "windows server r2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.40"
},
{
"_id": null,
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "firefox beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"_id": null,
"model": "windows vista business",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.17"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.10"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "windows server standard edition gold web",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "windows xp home sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"_id": null,
"model": "software opera web browser beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.00"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"_id": null,
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.25"
},
{
"_id": null,
"model": "windows home premium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7-x32"
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server gold compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.02"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server standard edition gold datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "access manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "windows vista home premium sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.24"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.60"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.3"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19"
},
{
"_id": null,
"model": "windows server sp1 platform sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"_id": null,
"model": "windows server sp2 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "windows server r2 x64-datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cosminexus http server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp2 itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "windows vista business 64-bit edition x64-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows xp professional edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "windows rc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "windows vista home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "9.0"
},
{
"_id": null,
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "control patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.01"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"_id": null,
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13.2"
},
{
"_id": null,
"model": "access manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "11.60"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-060"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.52"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.52"
},
{
"_id": null,
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"_id": null,
"model": "windows server web edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "windows server r2 enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "rsa bsafe ssl-c",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "2.8.6"
},
{
"_id": null,
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"_id": null,
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"_id": null,
"model": "simatic rf68xr",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2.1"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"_id": null,
"model": "windows server standard edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "windows server standard edition sp2 web",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.3"
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.5"
},
{
"_id": null,
"model": "windows server terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.54"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"_id": null,
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "83"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"_id": null,
"model": "jre 21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "windows vista business 64-bit edition x86-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "java se sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "windows server gold datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.53"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"_id": null,
"model": "windows server r2 enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20.2"
},
{
"_id": null,
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"_id": null,
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8"
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "jrockit r27.6.0-50",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.015"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"_id": null,
"model": "windows server r2 datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.64"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "windows server sp1 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-02"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.01"
},
{
"_id": null,
"model": "jrockit r27.6.5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.222"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.18"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"_id": null,
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"_id": null,
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"_id": null,
"model": "windows vista business 64-bit edition x86-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "windows server gold x64-datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.22"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "web server security enhancement",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "windows server for itanium-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.0"
},
{
"_id": null,
"model": "windows server for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java (windows(x8",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"_id": null,
"model": "jdk update24",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"_id": null,
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.31"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-05"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"_id": null,
"model": "windows server r2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "software opera web browser j",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.3"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1 x86-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"_id": null,
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"_id": null,
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.2"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20"
},
{
"_id": null,
"model": "windows vista edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "security appscan standard",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"_id": null,
"model": "java se sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.30"
},
{
"_id": null,
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.50"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"_id": null,
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "flex system cmm 1.40.2q",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.06"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java (windows(x6",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"_id": null,
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.23"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"_id": null,
"model": "windows server r2 datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"_id": null,
"model": "windows server gold x64-enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.00"
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"_id": null,
"model": "jrockit r28.0.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk update19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "software opera web browser beta build",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.2012981"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"_id": null,
"model": "windows server for x64-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server r2 datacenter sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-05"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.53"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.1"
},
{
"_id": null,
"model": "windows server r2 itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se sr9-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.11"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.72"
},
{
"_id": null,
"model": "windows server standard edition sp2 hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "update manager update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.01"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"_id": null,
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"_id": null,
"model": "windows vista ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "jrockit r27.6.7",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.01"
},
{
"_id": null,
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.20"
},
{
"_id": null,
"model": "jre 10-b03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows server gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.53"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.8"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.71"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"_id": null,
"model": "java ibm 31-bit sdk for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.16.4"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "rsa bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "2.8.5"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus http server windows",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-11"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.00"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1 x64-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.60"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.5"
},
{
"_id": null,
"model": "ucosminexus service platform aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(64)"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03(x64)"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise software development kit sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"_id": null,
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"_id": null,
"model": "business server",
"scope": "ne",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.12"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.61"
},
{
"_id": null,
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.6"
},
{
"_id": null,
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"_id": null,
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "cosminexus http server",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-13"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.54"
},
{
"_id": null,
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser .6win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.221"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "jdk update20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "windows server standard edition r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.62"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.61"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.02"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"_id": null,
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows xp embedded sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "freeflow print server 91.d2.32",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise for sap applications sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.1"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server sp1 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.6"
},
{
"_id": null,
"model": "java se sr11 pf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "groupware suite",
"scope": "eq",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.11"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"_id": null,
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"_id": null,
"model": "windows server standard edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.40"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.70"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"_id": null,
"model": "jre 1.5.0 09-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x2"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.1.1"
},
{
"_id": null,
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.14"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"_id": null,
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"_id": null,
"model": "windows for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.45"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"_id": null,
"model": "software opera web browser mac",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"_id": null,
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0"
},
{
"_id": null,
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"_id": null,
"model": "project openssl beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server gold enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows vista sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.1"
},
{
"_id": null,
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "fusion middleware 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.16"
},
{
"_id": null,
"model": "windows vista business 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.23.1"
},
{
"_id": null,
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2.1"
},
{
"_id": null,
"model": "software opera web browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "jrockit r28.1.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"_id": null,
"model": "windows xp media center edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.01"
},
{
"_id": null,
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jrockit r27.6.6",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"_id": null,
"model": "software opera web browser beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.3"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.11"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "bladecenter advanced management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"_id": null,
"model": "java sdk sr13 fp11",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "windows server gold storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "jrockit r27.6.8",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.02"
},
{
"_id": null,
"model": "windows xp mode",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"_id": null,
"model": "windows vista home premium sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java (windows(x6",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.62"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"_id": null,
"model": "windows server r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x64"
},
{
"_id": null,
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "linux enterprise software development kit sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "java se sr12-fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "6"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"_id": null,
"model": "windows vista business sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server standard edition gold hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "windows server gold x64-standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-05"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.10"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.5"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"_id": null,
"model": "jrockit r27.6.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"_id": null,
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"_id": null,
"model": "windows server sp2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"_id": null,
"model": "windows vista enterprise sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.219"
},
{
"_id": null,
"model": "java se sr10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"_id": null,
"model": "cosminexus http server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x64"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.80"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "rsa bsafe ssl-j",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.0.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.50"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.02"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.52"
},
{
"_id": null,
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"_id": null,
"model": "tls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "1.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.90"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.00"
},
{
"_id": null,
"model": "rsa bsafe ssl-j",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "5.1.2"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"_id": null,
"model": "jdk update23",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0.2"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"_id": null,
"model": "jre 28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"_id": null,
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.62"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "windows server itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "control",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.0"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "cosminexus http server linux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-12"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "flex system cmm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.3"
},
{
"_id": null,
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.52"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.01"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "web server 01-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"_id": null,
"model": "windows server r2 x64-enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"_id": null,
"model": "windows server gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "windows xp embedded sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.60"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server datacenter edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"_id": null,
"model": "windows server r2 enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "hirdb for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"_id": null,
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.50"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.51"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"_id": null,
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"_id": null,
"model": "windows home premium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.46"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "windows vista sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.22"
},
{
"_id": null,
"model": "windows server r2 enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"_id": null,
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows starter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"_id": null,
"model": "cosminexus http server hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-13"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.10"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "java se sr13-fp11",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server sp2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server standard edition gold standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "windows vista home basic sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"_id": null,
"model": "windows server standard edition sp2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.18.1"
},
{
"_id": null,
"model": "web server 02-04-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "windows server standard edition r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.601"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"_id": null,
"model": "windows server r2 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows vista ultimate sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.227"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.4"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.224"
},
{
"_id": null,
"model": "ucosminexus service platform linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "windows server standard edition gold storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"_id": null,
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus developer no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"_id": null,
"model": "jdk update18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"_id": null,
"model": "windows vista enterprise sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"_id": null,
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"_id": null,
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.60"
},
{
"_id": null,
"model": "windows server r2 datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.50"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.4"
},
{
"_id": null,
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus application server no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "ne",
"trust": 0.3,
"vendor": "daniel",
"version": "7.24.0"
},
{
"_id": null,
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.10"
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "windows vista home basic",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1 x86-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "freeflow print server 81.d0.73",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "software opera web browser beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"_id": null,
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-70"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "simatic rf615r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2.1"
},
{
"_id": null,
"model": "windows vista edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "windows server gold itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "jre 27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1 x64-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "jrockit r27.6.9",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "windows server r2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "simatic rf68xr",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1 x64-home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jrockit r27.6.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"_id": null,
"model": "jdk update14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0"
},
{
"_id": null,
"model": "project openssl beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"_id": null,
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"_id": null,
"model": "windows server standard edition gold enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.2"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "010"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.27"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "windows server r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"_id": null,
"model": "networks matrixssl",
"scope": "ne",
"trust": 0.3,
"vendor": "peersec",
"version": "3.2.2"
},
{
"_id": null,
"model": "windows server standard edition gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"_id": null,
"model": "windows server r2 platfom sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows vista ultimate sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-02"
},
{
"_id": null,
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "secure sockets layer",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "3.0"
},
{
"_id": null,
"model": "windows ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.5"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.23"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server r2 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.2"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"_id": null,
"model": "web server 02-04-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.6"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "virtualcenter update 6b",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "simatic rf68xr",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "cosminexus http server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"_id": null,
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.10"
},
{
"_id": null,
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser 3win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "1.6"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"_id": null,
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.63"
},
{
"_id": null,
"model": "software opera web browser 2win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"_id": null,
"model": "windows server itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.01"
},
{
"_id": null,
"model": "windows xp service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "30"
},
{
"_id": null,
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "freeflow print server 82.d1.44",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"_id": null,
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10003.0"
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-09"
},
{
"_id": null,
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server sp2 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.4"
},
{
"_id": null,
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.223"
},
{
"_id": null,
"model": "connect",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "8.1"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-04"
},
{
"_id": null,
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "simatic rf615r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.20"
},
{
"_id": null,
"model": "java se sr13-fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.63"
},
{
"_id": null,
"model": "windows xp professional edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "jdk update16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "windows home premium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7-x64"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"_id": null,
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "groupware suite",
"scope": "ne",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.12"
},
{
"_id": null,
"model": "windows xp professional sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"_id": null,
"model": "jrockit r28.1.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"_id": null,
"model": "windows server enterprise edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"_id": null,
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "flex system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"_id": null,
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.41"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.2"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "networks matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "peersec",
"version": "3.2.1"
},
{
"_id": null,
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "vplex geosynchrony",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "5.3"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.16.3"
},
{
"_id": null,
"model": "windows server r2 itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.51"
},
{
"_id": null,
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.11"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"_id": null,
"model": "cosminexus http server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"_id": null,
"model": "cms server aux",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "cosminexus http server windows",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-12"
},
{
"_id": null,
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "freeflow print server 93.e0.21c",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"_id": null,
"model": "simatic rf615r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"_id": null,
"model": "cosminexus http server linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "windows server r2 x64-standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "linux enterprise server sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.26"
},
{
"_id": null,
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.02"
},
{
"_id": null,
"model": "access manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.2"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"_id": null,
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"_id": null,
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"_id": null,
"model": "update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.1"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "cosminexus http server linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"_id": null,
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.5"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.201"
},
{
"_id": null,
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.21.7"
},
{
"_id": null,
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.21"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"_id": null,
"model": "windows vista enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"_id": null,
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "windows server sp2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.61"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.20"
},
{
"_id": null,
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10004.0"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"_id": null,
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.91"
},
{
"_id": null,
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"_id": null,
"model": "freeflow print server 73.d2.33",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.0.7"
},
{
"_id": null,
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"_id": null,
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"credits": {
"_id": null,
"data": "Thai Duong and Juliano Rizzo, Wendy Parrington from United Utilities.",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3389",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-3389",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3389",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#864643",
"trust": 0.8,
"value": "3.38"
},
{
"author": "VULMON",
"id": "CVE-2011-3389",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"description": {
"_id": null,
"data": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSC World Congress, New York, USA, 16 November 2011\nVisit the Secunia booth (#203) and discover how you can improve your handling of third party programs:\n\nhttp://secunia.com/resources/events/sc_2011/ \n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness\n\nSECUNIA ADVISORY ID:\nSA46791\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46791/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791\n\nRELEASE DATE:\n2011-11-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46791/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46791/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness has been reported in IBM Lotus Domino, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and hijack a user\u0027s session. \n\nSOLUTION:\nAs a workaround enable RC4 encryption (please see the vendor\u0027s\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThai Duong and Juliano Rizzo\n\nORIGINAL ADVISORY:\nIBM:\nhttp://www.ibm.com/support/docview.wss?uid=swg21568229\n\nIBM ISS X-Force:\nhttp://xforce.iss.net/xforce/xfdb/70069\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n \n A flaw was found in the way the Python SimpleHTTPServer module\n generated directory listings. An attacker able to upload a file\n with a specially-crafted name to a server could possibly perform a\n cross-site scripting (XSS) attack against victims visiting a listing\n page generated by SimpleHTTPServer, for a directory containing\n the crafted file (if the victims were using certain web browsers)\n (CVE-2011-4940). \n \n A race condition was found in the way the Python distutils module\n set file permissions during the creation of the .pypirc file. If a\n local user had access to the home directory of another user who is\n running distutils, they could use this flaw to gain access to that\n user\u0026#039;s .pypirc file, which can contain usernames and passwords for\n code repositories (CVE-2011-4944). \n \n A flaw was found in the way the Python SimpleXMLRPCServer module\n handled clients disconnecting prematurely. \n \n Hash table collisions CPU usage DoS for the embedded copy of expat\n (CVE-2012-0876). \n \n A denial of service flaw was found in the implementation of associative\n arrays (dictionaries) in Python. An attacker able to supply a large\n number of inputs to a Python application (such as HTTP POST request\n parameters sent to a web application) that are used as keys when\n inserting data into an array could trigger multiple hash function\n collisions, making array operations take an excessive amount of\n CPU time. To mitigate this issue, randomization has been added to\n the hash function to reduce the chance of an attacker successfully\n causing intentional collisions (CVE-2012-1150). \n \n The updated packages have been patched to correct these issues. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP4cpsmqjQ0CJFipgRAns2AKCf6yQzu1AwCPejS+sWBnfY717HLQCeIefL\nNJQbNxUlwmb1w7aFZIt0vdU=\n=3Vdc\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in the in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. A\nremote attacker could use this to cause an untrusted application\nor applet to execute arbitrary code by deserializing malicious\ninput. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. This could allow a remote attacker to cause\nan untrusted application or applet to execute arbitrary code with\nthe full privileges of the JVM. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. A remote attacker could cause an untrusted application or applet\nto execute arbitrary code. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. A remote\nattacker could use this cause a denial of service via an application\nor applet crash or possibly execute arbitrary code. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. (CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. A remote\nattacker could use this to execute code with elevated privileges. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nESA-2012-032: RSA BSAFE\\xae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\n\nEMC Identifier: ESA-2012-032\n\nCVE Identifier: CVE-2011-3389\n\nSeverity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n\nAffected Products:\n\nAll versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms\n\n\nUnaffected Products:\n\nRSA BSAFE Micro Edition Suite 4.0 and higher\n\n\nSummary:\n\nRSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)\n\n\n\nDetails:\n\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important. \n\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time. \n\n\n\nRecommendation:\n\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues. \n\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security. \n\nFor customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows: \n\n\\x951. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest. \n\\x952. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block. \n\\x953. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own. \nTo implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier. \n\nFor more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide. \n\n\n\nSeverity Rating:\n\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \\x93Security Advisories Severity Rating\\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\n\nObtaining Documentation:\n\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. \n\n\n\nGetting Support and Service:\n\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help \u0026 Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. \n\n\nGeneral Customer Support Information:\n\nhttp://www.rsa.com/node.aspx?id=1264\n\n\nRSA SecurCare Online:\n\nhttps://knowledge.rsasecurity.com\n\n\nEOPS Policy:\n\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \nhttp://www.rsa.com/node.aspx?id=2575\n\n\nSecurCare Online Security Advisories\n\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. \n\n\nAbout RSA SecurCare Notes \u0026 Security Advisories Subscription\n\nRSA SecurCare Notes \u0026 Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\\x92d like to stop receiving RSA SecurCare Notes \u0026 Security Advisories, or if you\\x92d like to change which RSA product family Notes \u0026 Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes \u0026 Security Advisories you no longer want to receive. Click the Submit button to save your selection. \n\n\nEMC Product Security Response Center\n\nSecurity_Alert@EMC.COM\n\nhttp://www.emc.com/contact-us/contact/product-security-response-center.html\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (Cygwin)\n\niEYEARECAAYFAlBKOMwACgkQtjd2rKp+ALw1HQCfezG65rzhhtvVQAFkXzXQmthr\nCc8An3CJlTmuxBfF1dHt/NvQgKED9eR4\n=++hy\n-----END PGP SIGNATURE-----\n. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2011-3389\n\n This update enables OpenSSL workarounds against the \"BEAST\" attack. \n Additional information can be found in the Curl advisory:\n http://curl.haxx.se/docs/adv_20120124B.html\n\nCVE-2012-0036\n\n Dan Fandrich discovered that Curl performs insufficient sanitising\n when extracting the file path part of an URL. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1. \n\nWe recommend that you upgrade your curl packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.5.0-ibm security update\nAdvisory ID: RHSA-2012:0508-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0508.html\nIssue date: 2012-04-23\nCVE Names: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 \n CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 \n CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 \n CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.5.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-3389, CVE-2011-3557,\nCVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR13-FP1 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\n\nppc:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nppc64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0498.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0499.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0507.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription: A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription: A memory management issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact: If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription: A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. \nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Remote admins and persons with physical access to the system\nmay obtain account information\nDescription: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A malicious program could bypass sandbox restrictions\nDescription: A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A local user may be able to obtain other user\u0027s login\npasswords\nDescription: A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing an e-mail message may lead to execution of web\nplugins\nDescription: An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A user with access to the contents of a mobile account may\nobtain the account password\nDescription: Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: Multiple vulnerabilities in PHP\nDescription: \u003ePHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for: OS X Lion Server v10.7 to v10.7.4\nImpact: An unauthenticated user could enumerate managed devices\nDescription: An authentication issue existed in the Device\nManagement private interface. This issue was addressed by removing\nthe interface. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. For further details see \"About the security content\nof Safari 6.0.1\" at http://http//support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\nxyBfrQfG/dsif6jGHaot\n=8joH\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03316985\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03316985\nVersion: 1\n\nHPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial\nof Service (DoS), Unauthorized Modification and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-05-15\nLast Updated: 2012-05-15\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of service, unauthorized\nmodification and disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities may allow remote Denial of Service (DoS), unauthorized\nmodification and disclosure of information. \n\nReferences: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476,\nCVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864,\nCVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502,\nCVE-2012-0503, CVE-2012-0505, CVE-2012-0506\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is providing the following Java updates to resolve the vulnerabilities. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant:\nHP-UX Software Assistant is an enhanced application that replaces HP-UX\nSecurity Patch Check. It analyzes all HP-issued Security Bulletins and lists\nrecommended actions that may apply to a specific HP-UX system. It can also\ndownload patches and create a depot automatically. For more information see:\nhttps://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJpi14.JPI14-COM\nJpi14.JPI14-COM-DOC\nJpi14.JPI14-IPF32\nJpi14.JPI14-PA11\nJdk14.JDK14-COM\nJdk14.JDK14-DEMO\nJdk14.JDK14-IPF32\nJdk14.JDK14-IPF64\nJdk14.JDK14-PA11\nJdk14.JDK14-PA20\nJdk14.JDK14-PA20W\nJdk14.JDK14-PNV2\nJdk14.JDK14-PWV2\nJre14.JRE14-COM\nJre14.JRE14-COM-DOC\nJre14.JRE14-IPF32\nJre14.JRE14-IPF32-HS\nJre14.JRE14-IPF64\nJre14.JRE14-IPF64-HS\nJre14.JRE14-PA11\nJre14.JRE14-PA11-HS\nJre14.JRE14-PA20\nJre14.JRE14-PA20-HS\nJre14.JRE14-PA20W\nJre14.JRE14-PA20W-HS\nJre14.JRE14-PNV2\nJre14.JRE14-PNV2-H\nJre14.JRE14-PWV2\nJre14.JRE14-PWV2-H\naction: install revision 1.4.2.28.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3389"
},
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "PACKETSTORM",
"id": "123310"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106901"
},
{
"db": "PACKETSTORM",
"id": "114005"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "116406"
},
{
"db": "PACKETSTORM",
"id": "109207"
},
{
"db": "PACKETSTORM",
"id": "112108"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-3389",
"trust": 2.3
},
{
"db": "CERT/CC",
"id": "VU#864643",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-556833",
"trust": 1.3
},
{
"db": "BID",
"id": "49778",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "45791",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55350",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48256",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "47998",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48915",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55351",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "49198",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55322",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48948",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48692",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "74829",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1026103",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1029190",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1026704",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1025997",
"trust": 1.0
},
{
"db": "BID",
"id": "49388",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA12-010A",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.0
},
{
"db": "XF",
"id": "70069",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS14-011",
"trust": 0.3
},
{
"db": "HITACHI",
"id": "HS11-024",
"trust": 0.3
},
{
"db": "HITACHI",
"id": "HS13-018",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-04",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "46791",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2011-3389",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106901",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116406",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109207",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112826",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "PACKETSTORM",
"id": "123310"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106901"
},
{
"db": "PACKETSTORM",
"id": "114005"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "116406"
},
{
"db": "PACKETSTORM",
"id": "109207"
},
{
"db": "PACKETSTORM",
"id": "112108"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"id": "VAR-201109-0130",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33862434333333336
},
"last_update_date": "2026-04-10T22:16:45.123000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: CVE-2011-4362: DoS because of incorrect code in src/http_auth.c:67",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=210cf4b6236578faf8f94374acf42746"
},
{
"title": "Debian CVElist Bug Report Logs: nss: CVE-2014-1569 information leak",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ab91355beed7b295ca76667e7725b8ff"
},
{
"title": "Red Hat: Critical: java-1.4.2-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-2398-2 curl -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=aedc7511d582d3d92a5ba7329ed7d34e"
},
{
"title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-2368-1 lighttpd -- multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=013e897d92ab510d8719f5ffc2cb7e80"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=43a9f1e298f8daf772ebfe7187e61853"
},
{
"title": "Debian CVElist Bug Report Logs: asterisk: CVE-2015-3008: TLS Certificate Common name NULL byte exploit",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3dcc7cafafedb5ec8b84970acf17457b"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84da1980846b47c2025a829646fab2ad"
},
{
"title": "Red Hat: Critical: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121089 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121088 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1"
},
{
"title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe"
},
{
"title": "Amazon Linux AMI: ALAS-2011-010",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010"
},
{
"title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
},
{
"title": "litecoin_demo",
"trust": 0.1,
"url": "https://github.com/swod00/litecoin_demo "
},
{
"title": "litecoin",
"trust": 0.1,
"url": "https://github.com/daniel1302/litecoin "
},
{
"title": "reg",
"trust": 0.1,
"url": "https://github.com/genuinetools/reg "
},
{
"title": "testssl-report",
"trust": 0.1,
"url": "https://github.com/tzaffi/testssl-report "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ricardobranco777/regview "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Valdem88/dev-17_ib-yakovlev_vs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3389"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.1,
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"trust": 1.8,
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"trust": 1.8,
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"trust": 1.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"trust": 1.8,
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"trust": 1.7,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
},
{
"trust": 1.4,
"url": "http://curl.haxx.se/docs/adv_20120124b.html"
},
{
"trust": 1.3,
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"trust": 1.3,
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"trust": 1.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"trust": 1.3,
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665814"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-1263-1"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0508.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.0,
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14752"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"trust": 1.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/may/msg00001.html"
},
{
"trust": 1.0,
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/47998"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55351"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"trust": 1.0,
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1029190"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/49388"
},
{
"trust": 1.0,
"url": "http://osvdb.org/74829"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.0,
"url": "http://www.insecure.cl/beast-ssl.rar"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1026704"
},
{
"trust": 1.0,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5001"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:058"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48915"
},
{
"trust": 1.0,
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/49198"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48948"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1026103"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48692"
},
{
"trust": 1.0,
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"trust": 1.0,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-001.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"trust": 1.0,
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"trust": 1.0,
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5281"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"trust": 1.0,
"url": "http://eprint.iacr.org/2006/136"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48256"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/45791"
},
{
"trust": 1.0,
"url": "http://www.us-cert.gov/cas/techalerts/ta12-010a.html"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55350"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55322"
},
{
"trust": 1.0,
"url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
},
{
"trust": 1.0,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.0,
"url": "http://isc.sans.edu/diary/ssl+tls+part+3+/11635"
},
{
"trust": 1.0,
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht4999"
},
{
"trust": 1.0,
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1025997"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/49778"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.0,
"url": "http://eprint.iacr.org/2004/111"
},
{
"trust": 0.8,
"url": "http://www.openssl.org/~bodo/tls-cbc.txt"
},
{
"trust": 0.8,
"url": "http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php"
},
{
"trust": 0.8,
"url": "https://blog.torproject.org/blog/tor-and-beast-ssl-attack"
},
{
"trust": 0.8,
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269"
},
{
"trust": 0.8,
"url": "http://www.ekoparty.org/2011/juliano-rizzo.php"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.4,
"url": "http://xforce.iss.net/xforce/xfdb/70069"
},
{
"trust": 0.4,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21568229"
},
{
"trust": 0.3,
"url": "http://www.collax.com/download/file/target/frame/file/2926"
},
{
"trust": 0.3,
"url": "http://www.collax.com/produkte/allinone-server-for-small-businesses"
},
{
"trust": 0.3,
"url": "http://www.collax.com/download/file/target/frame/file/2930"
},
{
"trust": 0.3,
"url": "http://www.collax.com/produkte/email-calendar-contacts-in-a-safe-business-server"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578730"
},
{
"trust": 0.3,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext2"
},
{
"trust": 0.3,
"url": "seclists.org/bugtraq/2014/apr/att-70/esa-2012-032.txt"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2012/sep/att-39/esa-2012-032.txt"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt"
},
{
"trust": 0.3,
"url": "http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/connect/history"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7009901\u0026sliceid=1"
},
{
"trust": 0.3,
"url": "http://www.opera.com/support/kb/view/1000/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm60958"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_system_x_and_flex_systems_browser_exploit_against_ssl_tls_beast_mitigations_cve_2011_33891?lang=en_us"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21571596"
},
{
"trust": 0.3,
"url": "/archive/1/524142"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht5416"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100151219"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100150852"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154049"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154899"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/jun/att-65/esa-2013-039.txt"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093636"
},
{
"trust": 0.3,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-04"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/advisory/2588513"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-018/index.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093630"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022152"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1019998"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-011/index.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
},
{
"trust": 0.1,
"url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201111-02.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46791/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46791/"
},
{
"trust": 0.1,
"url": "http://secunia.com/resources/events/sc_2011/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4944"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1150"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0845"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4940"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1150"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604."
},
{
"trust": 0.1,
"url": "http://www.emc.com/contact-us/contact/product-security-response-center.html"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3."
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com"
},
{
"trust": 0.1,
"url": "http://www.rsa.com/node.aspx?id=1204."
},
{
"trust": 0.1,
"url": "http://www.rsa.com/node.aspx?id=1264"
},
{
"trust": 0.1,
"url": "http://www.rsa.com/node.aspx?id=2575"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313"
},
{
"trust": 0.1,
"url": "http://http//support.apple.com/kb/ht5502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/java"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "PACKETSTORM",
"id": "123310"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106901"
},
{
"db": "PACKETSTORM",
"id": "114005"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "116406"
},
{
"db": "PACKETSTORM",
"id": "109207"
},
{
"db": "PACKETSTORM",
"id": "112108"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#864643",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2011-3389",
"ident": null
},
{
"db": "BID",
"id": "49778",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123310",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "106640",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "106901",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114005",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "107051",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "116406",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109207",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112108",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "116792",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112826",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-3389",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#864643",
"ident": null
},
{
"date": "2011-09-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3389",
"ident": null
},
{
"date": "2011-09-19T00:00:00",
"db": "BID",
"id": "49778",
"ident": null
},
{
"date": "2013-09-19T22:22:00",
"db": "PACKETSTORM",
"id": "123310",
"ident": null
},
{
"date": "2011-11-06T01:01:42",
"db": "PACKETSTORM",
"id": "106640",
"ident": null
},
{
"date": "2011-11-12T02:51:49",
"db": "PACKETSTORM",
"id": "106901",
"ident": null
},
{
"date": "2012-06-21T05:28:48",
"db": "PACKETSTORM",
"id": "114005",
"ident": null
},
{
"date": "2011-11-17T02:34:27",
"db": "PACKETSTORM",
"id": "107051",
"ident": null
},
{
"date": "2012-09-11T16:00:16",
"db": "PACKETSTORM",
"id": "116406",
"ident": null
},
{
"date": "2012-01-31T02:55:32",
"db": "PACKETSTORM",
"id": "109207",
"ident": null
},
{
"date": "2012-04-23T20:54:36",
"db": "PACKETSTORM",
"id": "112108",
"ident": null
},
{
"date": "2012-09-22T06:30:43",
"db": "PACKETSTORM",
"id": "116792",
"ident": null
},
{
"date": "2012-05-17T21:16:37",
"db": "PACKETSTORM",
"id": "112826",
"ident": null
},
{
"date": "2011-09-06T19:55:03.197000",
"db": "NVD",
"id": "CVE-2011-3389",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#864643",
"ident": null
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3389",
"ident": null
},
{
"date": "2019-07-16T13:00:00",
"db": "BID",
"id": "49778",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3389",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes",
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
}
}
VAR-201103-0090
Vulnerability from variot - Updated: 2025-04-11 21:38The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. This vulnerability is related to plain text command injection attacks. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch Kerio Postfix Qmail-TLS Oracle (note that the affected application is unknown) SCO Group spamdyke ISC. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Wietse Venema via US-CERT. ----------------------------------------------------------------------
Alerts when vulnerabilities pose a threat to your infrastructure The enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies.
SOLUTION: Apply fixes. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Kerio Connect "STARTTLS" Plaintext Injection Vulnerability
SECUNIA ADVISORY ID: SA43678
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43678
RELEASE DATE: 2011-03-12
DISCUSS ADVISORY: http://secunia.com/advisories/43678/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43678/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43678
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Kerio Connect, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.
The vulnerability is reported in version 7.1.4 build 2985. Other versions may also be affected.
SOLUTION: Reportedly, the vendor will fix this in an upcoming version.
PROVIDED AND/OR DISCOVERED BY: Wietse Venema
ORIGINAL ADVISORY: US-CERT VU#555316: http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M4P
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "lte",
"trust": 1.8,
"vendor": "ipswitch",
"version": "11.03"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.01"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.11"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "11.02"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "6.00"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "11"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "6.06"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "*"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "8.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "server_8.2_hotfix_2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "10.01"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "10"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "10.02"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "11.01"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.1"
},
{
"model": "spamdyke",
"scope": "ne",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.4"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "groupware server 2.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.9"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.5"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.2"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "pure-ftpd",
"scope": "ne",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.30"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20011115"
},
{
"model": "groupware server -rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.3"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7.01"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.23"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "pure-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "pureftpd",
"version": "1.0.29"
},
{
"model": "groupware server 2.1.beta3",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.0"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "groupware server",
"scope": "ne",
"trust": 0.3,
"vendor": "kolab",
"version": "2.3.2"
},
{
"model": "inn",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "2.5.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.4.8"
},
{
"model": "spamdyke",
"scope": "eq",
"trust": 0.3,
"vendor": "spamdyke",
"version": "4.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "mailserver patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.31"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.13"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19991231"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "imap server",
"scope": "ne",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.7"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.7"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.2"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.1"
},
{
"model": "groupware server 2.1beta2",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6-20080902"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "scooffice server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "0"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.1.3"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.12"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.4"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.1.11"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.1"
},
{
"model": "netqmail",
"scope": "eq",
"trust": 0.3,
"vendor": "qmail smtpd auth",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.4.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "1.0.21"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2.4"
},
{
"model": "java system messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "groupware server 2.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "kolab",
"version": null
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.8"
},
{
"model": "groupware server beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "inn",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "2.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.6"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "20010228"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imap server",
"scope": "eq",
"trust": 0.3,
"vendor": "cyrus",
"version": "2.4.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "starttls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "0"
},
{
"model": "mailserver build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.6.17069"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "groupware server beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "venema postfix patchlevel",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.5.44"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"model": "groupware server",
"scope": "eq",
"trust": 0.3,
"vendor": "kolab",
"version": "2.0.4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "2.2.10"
},
{
"model": "venema postfix",
"scope": "eq",
"trust": 0.3,
"vendor": "wietse",
"version": "19990906"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"model": "xcs",
"scope": "eq",
"trust": 0.3,
"vendor": "watchguard",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ipswitch:imail",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "104917"
},
{
"db": "PACKETSTORM",
"id": "101909"
},
{
"db": "PACKETSTORM",
"id": "99104"
},
{
"db": "PACKETSTORM",
"id": "99217"
}
],
"trust": 0.4
},
"cve": "CVE-2011-1430",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-1430",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-49375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-1430",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "NVD",
"id": "CVE-2011-1430",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. This vulnerability is related to plain text command injection attacks. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nWietse Venema via US-CERT. ----------------------------------------------------------------------\n\n\nAlerts when vulnerabilities pose a threat to your infrastructure\nThe enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. \n\nSOLUTION:\nApply fixes. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nKerio Connect \"STARTTLS\" Plaintext Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43678\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43678/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678\n\nRELEASE DATE:\n2011-03-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43678/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43678/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio Connect, which can be\nexploited by malicious people to manipulate certain data. \n\nThe vulnerability is caused due to the TLS implementation not\nproperly clearing transport layer buffers when upgrading from\nplaintext to ciphertext after receiving the \"STARTTLS\" command. This\ncan be exploited to insert arbitrary plaintext data (e.g. SMTP\ncommands) during the plaintext phase, which will then be executed\nafter upgrading to the TLS ciphertext phase. \n\nThe vulnerability is reported in version 7.1.4 build 2985. Other\nversions may also be affected. \n\nSOLUTION:\nReportedly, the vendor will fix this in an upcoming version. \n\nPROVIDED AND/OR DISCOVERED BY:\nWietse Venema\n\nORIGINAL ADVISORY:\nUS-CERT VU#555316:\nhttp://www.kb.cert.org/vuls/id/555316\nhttp://www.kb.cert.org/vuls/id/MAPG-8D9M4P\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1430"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "PACKETSTORM",
"id": "104917"
},
{
"db": "PACKETSTORM",
"id": "101909"
},
{
"db": "PACKETSTORM",
"id": "99104"
},
{
"db": "PACKETSTORM",
"id": "99217"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2011-1430",
"trust": 2.8
},
{
"db": "BID",
"id": "46767",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "43676",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2011-0609",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "71020",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223",
"trust": 0.7
},
{
"db": "XF",
"id": "65932",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "45857",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "44753",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "43678",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101909",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99104",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99217",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "PACKETSTORM",
"id": "104917"
},
{
"db": "PACKETSTORM",
"id": "101909"
},
{
"db": "PACKETSTORM",
"id": "99104"
},
{
"db": "PACKETSTORM",
"id": "99217"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"id": "VAR-201103-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49375"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T21:38:49.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ipswitch.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/mapg-8dbrd4"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/71020"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43676"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0609"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1430"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1430"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/65932"
},
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p"
},
{
"trust": 0.4,
"url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf"
},
{
"trust": 0.4,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"trust": 0.3,
"url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7"
},
{
"trust": 0.3,
"url": "https://www.isc.org/software/inn/2.5.3article"
},
{
"trust": 0.3,
"url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt"
},
{
"trust": 0.3,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 0.3,
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"trust": 0.3,
"url": "http://www.spamdyke.org/documentation/changelog.txt"
},
{
"trust": 0.3,
"url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1"
},
{
"trust": 0.3,
"url": "/archive/1/516901"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100134676"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141041"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 0.3,
"url": "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/vim/section_179/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45857/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45857"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45857/#comments"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m6a"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44753/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-8d9m75"
},
{
"trust": 0.1,
"url": "http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44753"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44753/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43676/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43676/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43676"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43678/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43678/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43678"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "PACKETSTORM",
"id": "104917"
},
{
"db": "PACKETSTORM",
"id": "101909"
},
{
"db": "PACKETSTORM",
"id": "99104"
},
{
"db": "PACKETSTORM",
"id": "99217"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-49375"
},
{
"db": "BID",
"id": "46767"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"db": "PACKETSTORM",
"id": "104917"
},
{
"db": "PACKETSTORM",
"id": "101909"
},
{
"db": "PACKETSTORM",
"id": "99104"
},
{
"db": "PACKETSTORM",
"id": "99217"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-49375"
},
{
"date": "2011-03-07T00:00:00",
"db": "BID",
"id": "46767"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"date": "2011-09-08T08:14:47",
"db": "PACKETSTORM",
"id": "104917"
},
{
"date": "2011-06-01T04:21:33",
"db": "PACKETSTORM",
"id": "101909"
},
{
"date": "2011-03-09T06:30:49",
"db": "PACKETSTORM",
"id": "99104"
},
{
"date": "2011-03-14T11:35:55",
"db": "PACKETSTORM",
"id": "99217"
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"date": "2011-03-16T22:55:04.747000",
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-49375"
},
{
"date": "2015-04-13T21:35:00",
"db": "BID",
"id": "46767"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004393"
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-223"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-1430"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-223"
}
],
"trust": 0.6
}
}
VAR-200712-0222
Vulnerability from variot - Updated: 2025-04-10 23:22The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Kerio WinRoute Firewall is prone to an unspecified weakness that allows local users to bypass proxy authentication. Exploiting this issue may permit a local attacker to obtain web pages that are supposed to be administratively prohibited with proxy controls. Versions prior to Kerio WinRoute Firewall 6.4.1 contain this weakness.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
SOLUTION: Update to version 6.4.1. http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.2.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.2.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.2.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.4_patch_2"
},
{
"model": "winroute firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "kerio",
"version": "6.4.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.4_patch_1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.3.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.3.1"
},
{
"model": "winroute firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "kerio",
"version": "6.4.1"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.42"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.41"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.4.1"
}
],
"sources": [
{
"db": "BID",
"id": "26851"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kerio:winroute_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "26851"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
}
],
"trust": 0.9
},
"cve": "CVE-2007-6385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2007-6385",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-29747",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6385",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2007-6385",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-163",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-29747",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Kerio WinRoute Firewall is prone to an unspecified weakness that allows local users to bypass proxy authentication. \nExploiting this issue may permit a local attacker to obtain web pages that are supposed to be administratively prohibited with proxy controls. \nVersions prior to Kerio WinRoute Firewall 6.4.1 contain this weakness. \n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nSOLUTION:\nUpdate to version 6.4.1. \nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6385"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "BID",
"id": "26851"
},
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "PACKETSTORM",
"id": "61822"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6385",
"trust": 2.8
},
{
"db": "BID",
"id": "26851",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "28072",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1019095",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "42122",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4212",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722",
"trust": 0.8
},
{
"db": "XF",
"id": "39020",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-29747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61822",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "BID",
"id": "26851"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "PACKETSTORM",
"id": "61822"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"id": "VAR-200712-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29747"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:22:25.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Kerio Control ? Release History",
"trust": 0.8,
"url": "http://www.kerio.com/control/history"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26851"
},
{
"trust": 1.7,
"url": "http://osvdb.org/42122"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019095"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28072"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/4212"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39020"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6385"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4212"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39020"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28072/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "BID",
"id": "26851"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "PACKETSTORM",
"id": "61822"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29747"
},
{
"db": "BID",
"id": "26851"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"db": "PACKETSTORM",
"id": "61822"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29747"
},
{
"date": "2007-12-13T00:00:00",
"db": "BID",
"id": "26851"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"date": "2007-12-14T00:12:58",
"db": "PACKETSTORM",
"id": "61822"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"date": "2007-12-15T02:46:00",
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-29747"
},
{
"date": "2015-05-07T17:34:00",
"db": "BID",
"id": "26851"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004722"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-163"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "26851"
},
{
"db": "PACKETSTORM",
"id": "61822"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Proxy server vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-163"
}
],
"trust": 0.6
}
}
VAR-200610-0254
Vulnerability from variot - Updated: 2025-04-10 23:21Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. Exploiting this issue may permit an attacker to crash affected devices, denying further network services to legitimate users. Kerio WinRoute Firewall 6.2.2 and prior versions are vulnerable; other versions may also be affected. Kerio WinRoute Firewall is a gateway firewall for small and medium businesses.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: Kerio WinRoute Firewall DNS Response Denial of Service
SECUNIA ADVISORY ID: SA22986
VERIFY ADVISORY: http://secunia.com/advisories/22986/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error when processing malformed DNS responses. This can be exploited to crash the application.
SOLUTION: Update to version 6.2.3.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.2.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "lte",
"trust": 1.8,
"vendor": "kerio",
"version": "6.2.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.1.4_patch_2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.1.4_patch_1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "6.2.2"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.42"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.41"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.3"
}
],
"sources": [
{
"db": "BID",
"id": "20584"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kerio:winroute_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Technologies, Inc.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-21528",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-5420",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-342",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-21528",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21528"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. \nExploiting this issue may permit an attacker to crash affected devices, denying further network services to legitimate users. \nKerio WinRoute Firewall 6.2.2 and prior versions are vulnerable; other versions may also be affected. Kerio WinRoute Firewall is a gateway firewall for small and medium businesses. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nKerio WinRoute Firewall DNS Response Denial of Service\n\nSECUNIA ADVISORY ID:\nSA22986\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22986/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio WinRoute Firewall, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an unspecified error when\nprocessing malformed DNS responses. This can be exploited to crash\nthe application. \n\nSOLUTION:\nUpdate to version 6.2.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5420"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "BID",
"id": "20584"
},
{
"db": "VULHUB",
"id": "VHN-21528"
},
{
"db": "PACKETSTORM",
"id": "52408"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5420",
"trust": 2.5
},
{
"db": "BID",
"id": "20584",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "22986",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1017067",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-4056",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342",
"trust": 0.7
},
{
"db": "XF",
"id": "29629",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21528",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52408",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21528"
},
{
"db": "BID",
"id": "20584"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "PACKETSTORM",
"id": "52408"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"id": "VAR-200610-0254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21528"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:21:04.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Kerio Control ? Release History",
"trust": 0.8,
"url": "http://www.kerio.com/control/history"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/20584"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1017067"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22986"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/4056"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29629"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5420"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5420"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/4056"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29629"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22986/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21528"
},
{
"db": "BID",
"id": "20584"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "PACKETSTORM",
"id": "52408"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21528"
},
{
"db": "BID",
"id": "20584"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"db": "PACKETSTORM",
"id": "52408"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-21528"
},
{
"date": "2006-10-17T00:00:00",
"db": "BID",
"id": "20584"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"date": "2006-11-22T00:45:15",
"db": "PACKETSTORM",
"id": "52408"
},
{
"date": "2006-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"date": "2006-10-20T14:07:00",
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-21528"
},
{
"date": "2006-10-18T22:29:00",
"db": "BID",
"id": "20584"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002293"
},
{
"date": "2006-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-342"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-342"
}
],
"trust": 0.6
}
}
VAR-200610-0433
Vulnerability from variot - Updated: 2025-04-10 23:05The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. Sunbelt Kerio Personal Firewall is prone to multiple local denial-of-service vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these vulnerabilities allows local attackers to crash affected systems, facilitating a denial-of-service condition on the local computer. Code execution may also be possible, but this has not been confirmed. Sunbelt Kerio Personal Firewall hooks many functions in SSDT, at least 6 of them may not have parameters to authenticate user mode. Due to a bug in the fwdrv.sys and khips.sys drivers, calling NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, or NtSetInformationFile with invalid parameter values can lead to a system crash.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
The vulnerabilities are caused due to errors within fwdrv.sys and khips.sys when handling the parameters of certain hooked functions. This can be exploited to cause a DoS by calling NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile with specially crafted parameters.
The vulnerability has been reported in Kerio Personal Firewall 4.3.268, 4.3.246, 4.2.3.912. Other versions may also be affected.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: David Matousek
ORIGINAL ADVISORY: http://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.12"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.13"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.6"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.11"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.14"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "4.0.15"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.3.268"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.3.246"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.1.0"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "4.1"
},
{
"model": "personal firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "kerio",
"version": "4.3.268"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "4.2.3.912"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "4.3.635"
}
],
"sources": [
{
"db": "BID",
"id": "20299"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kerio:personal_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Matousek david@matousec.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5153",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-21261",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5153",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-5153",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-055",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-21261",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21261"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. Sunbelt Kerio Personal Firewall is prone to multiple local denial-of-service vulnerabilities because the application fails to properly sanitize user-supplied input. \nExploiting these vulnerabilities allows local attackers to crash affected systems, facilitating a denial-of-service condition on the local computer. Code execution may also be possible, but this has not been confirmed. Sunbelt Kerio Personal Firewall hooks many functions in SSDT, at least 6 of them may not have parameters to authenticate user mode. Due to a bug in the fwdrv.sys and khips.sys drivers, calling NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, or NtSetInformationFile with invalid parameter values \u200b\u200bcan lead to a system crash. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nThe vulnerabilities are caused due to errors within fwdrv.sys and\nkhips.sys when handling the parameters of certain hooked functions. \nThis can be exploited to cause a DoS by calling NtCreateFile,\nNtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and\nNtSetInformationFile with specially crafted parameters. \n\nThe vulnerability has been reported in Kerio Personal Firewall\n4.3.268, 4.3.246, 4.2.3.912. Other versions may also be affected. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nDavid Matousek\n\nORIGINAL ADVISORY:\nhttp://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "BID",
"id": "20299"
},
{
"db": "VULHUB",
"id": "VHN-21261"
},
{
"db": "PACKETSTORM",
"id": "50464"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5153",
"trust": 2.8
},
{
"db": "BID",
"id": "20299",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "22234",
"trust": 1.8
},
{
"db": "SREASON",
"id": "1685",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016967",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3872",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061001 KERIO MULTIPLE INSUFFICIENT ARGUMENT VALIDATION OF HOOKED SSDT FUNCTION VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "29313",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21261",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50464",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21261"
},
{
"db": "BID",
"id": "20299"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "PACKETSTORM",
"id": "50464"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"id": "VAR-200610-0433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21261"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:05:48.542000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sunbelt Kerio Personal Firewall",
"trust": 0.8,
"url": "http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.matousec.com/info/advisories/kerio-multiple-insufficient-argument-validation-of-hooked-ssdt-functions.php"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/20299"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016967"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22234"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1685"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/447504/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3872"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29313"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5153"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5153"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/447504/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29313"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3872"
},
{
"trust": 0.3,
"url": "http://www.sunbelt-software.com/kerio.cfm"
},
{
"trust": 0.3,
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"trust": 0.3,
"url": "/archive/1/447504"
},
{
"trust": 0.3,
"url": "/archive/1/479830"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22234/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2654/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21261"
},
{
"db": "BID",
"id": "20299"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "PACKETSTORM",
"id": "50464"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21261"
},
{
"db": "BID",
"id": "20299"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"db": "PACKETSTORM",
"id": "50464"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-21261"
},
{
"date": "2006-10-02T00:00:00",
"db": "BID",
"id": "20299"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"date": "2006-10-03T01:14:36",
"db": "PACKETSTORM",
"id": "50464"
},
{
"date": "2006-10-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"date": "2006-10-05T04:04:00",
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-21261"
},
{
"date": "2007-09-18T21:20:00",
"db": "BID",
"id": "20299"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002217"
},
{
"date": "2006-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-055"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sunbelt Kerio Personal Firewall of fwdrv.sys Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-055"
}
],
"trust": 0.6
}
}
VAR-200505-0521
Vulnerability from variot - Updated: 2025-04-03 22:42Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests. An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.6"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "4.1.3"
}
],
"sources": [
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Petr Matousek of Masaryk University is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
}
],
"trust": 0.9
},
"cve": "CVE-2005-0964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2005-0964",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-12173",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-0964",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12173"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests. \nAn attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0964"
},
{
"db": "BID",
"id": "12946"
},
{
"db": "VULHUB",
"id": "VHN-12173"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-0964",
"trust": 2.0
},
{
"db": "BID",
"id": "12946",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "14717",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1013607",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386",
"trust": 0.7
},
{
"db": "XF",
"id": "19893",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-12173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12173"
},
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"id": "VAR-200505-0521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12173"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:42:41.743000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.kerio.com/security_advisory.html#0503"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12946"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1013607"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/14717"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19893"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/19893"
},
{
"trust": 0.3,
"url": "http://www.sunbelt-software.com/kerio.cfm"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12173"
},
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12173"
},
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12173"
},
{
"date": "2005-03-30T00:00:00",
"db": "BID",
"id": "12946"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-12173"
},
{
"date": "2009-07-12T11:56:00",
"db": "BID",
"id": "12946"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-386"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-0964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "12946"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-386"
}
],
"trust": 0.9
}
}
VAR-200212-0043
Vulnerability from variot - Updated: 2025-04-03 22:41Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood. Kerio Personal Firewall (KPF) is a personal firewall product for the Microsoft Windows operating system. When KPF recieves a large number of SYN packets are recieved from a single source, the firewall process will consume all available CPU time, and eventually hang the vulnerable system. A reboot may be required in order to regain normal functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.3"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.3"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1"
}
],
"sources": [
{
"db": "BID",
"id": "5570"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by \"Abraham Lincoln\" \u003csunninja@scientist.com\u003e.",
"sources": [
{
"db": "BID",
"id": "5570"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
}
],
"trust": 0.9
},
"cve": "CVE-2002-2161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2161",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2161",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6544"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood. Kerio Personal Firewall (KPF) is a personal firewall product for the Microsoft Windows operating system. \nWhen KPF recieves a large number of SYN packets are recieved from a single source, the firewall process will consume all available CPU time, and eventually hang the vulnerable system. A reboot may be required in order to regain normal functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2161"
},
{
"db": "BID",
"id": "5570"
},
{
"db": "VULHUB",
"id": "VHN-6544"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5570",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-2161",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020826 KERIO PERSONAL FIREWALL DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "9963",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6544",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6544"
},
{
"db": "BID",
"id": "5570"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"id": "VAR-200212-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6544"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:58.290000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5570"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/289119"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9963.php"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6544"
},
{
"db": "BID",
"id": "5570"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6544"
},
{
"db": "BID",
"id": "5570"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6544"
},
{
"date": "2002-08-26T00:00:00",
"db": "BID",
"id": "5570"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6544"
},
{
"date": "2002-08-26T00:00:00",
"db": "BID",
"id": "5570"
},
{
"date": "2006-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-644"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Multiple SYN Packet Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-644"
}
],
"trust": 0.6
}
}
VAR-200501-0255
Vulnerability from variot - Updated: 2025-04-03 22:41The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. A remote denial of service vulnerability affects the IP options filtering functionality of Kerio's Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets. A remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users. Kerio Personal Firewall is a personal desktop firewall
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.6"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "4.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "11639"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karl Lynn",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1109",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-9539",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1109",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-222",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9539",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9539"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. A remote denial of service vulnerability affects the IP options filtering functionality of Kerio\u0027s Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets. \nA remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users. Kerio Personal Firewall is a personal desktop firewall",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1109"
},
{
"db": "BID",
"id": "11639"
},
{
"db": "VULHUB",
"id": "VHN-9539"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9539",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9539"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11639",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1109",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222",
"trust": 0.7
},
{
"db": "XF",
"id": "17992",
"trust": 0.6
},
{
"db": "EEYE",
"id": "AD20041109",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-62908",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "626",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9539",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9539"
},
{
"db": "BID",
"id": "11639"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"id": "VAR-200501-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9539"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:50.812000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11639"
},
{
"trust": 1.7,
"url": "http://www.eeye.com/html/research/advisories/ad20041109.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17992"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17992"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kpf_download.html"
},
{
"trust": 0.3,
"url": "/archive/1/380749"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9539"
},
{
"db": "BID",
"id": "11639"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9539"
},
{
"db": "BID",
"id": "11639"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9539"
},
{
"date": "2004-11-09T00:00:00",
"db": "BID",
"id": "11639"
},
{
"date": "2004-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9539"
},
{
"date": "2004-11-09T00:00:00",
"db": "BID",
"id": "11639"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-222"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1109"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio PersonalFirewall FWDRV.SYS Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-222"
}
],
"trust": 0.6
}
}
VAR-200504-0069
Vulnerability from variot - Updated: 2025-04-03 22:41The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations.". Various Kerio products are vulnerable to a denial of service vulnerability with regards to the administration port. This issue is due to a failure of the application to properly handle exceptional conditions with regards to specifically malformed data. A remote attacker may leverage these issues, without requiring authentication, to exhaust resources on an affected computer, effectively denying service for legitimate users. The vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio WinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier versions of these products are reported vulnerable. Kerio WinRoute Firewall is an enterprise-level firewall of American Kerio Company, which provides functions such as Internet sharing, virus protection and transparent proxy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200504-0069",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "4.1.3"
},
{
"model": "mailserver",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "13458"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Javier Munoz (Secure Computer Group) is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "13458"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
}
],
"trust": 0.9
},
"cve": "CVE-2005-1063",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-1063",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-12272",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-1063",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200504-125",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12272"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to \"compute unexpected conditions\" and \"perform cryptographic operations.\". Various Kerio products are vulnerable to a denial of service vulnerability with regards to the administration port. \nThis issue is due to a failure of the application to properly handle exceptional conditions with regards to specifically malformed data. \nA remote attacker may leverage these issues, without requiring\nauthentication, to exhaust resources on an affected computer, effectively\ndenying service for legitimate users. \nThe vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio\nWinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier\nversions of these products are reported vulnerable. Kerio WinRoute Firewall is an enterprise-level firewall of American Kerio Company, which provides functions such as Internet sharing, virus protection and transparent proxy",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1063"
},
{
"db": "BID",
"id": "13458"
},
{
"db": "VULHUB",
"id": "VHN-12272"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1063",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050429 [CAN-2005-1063] ADMINISTRATION PROTOCOL ABUSE LEADS TO SERVICE AND SYSTEM DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "BID",
"id": "13458",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12272",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12272"
},
{
"db": "BID",
"id": "13458"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"id": "VAR-200504-0069",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12272"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:50.646000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/397220"
},
{
"trust": 1.7,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 1.4,
"url": "http://research.tic.udc.es/scg/advisories/20050429-2.txt"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.sunbelt-software.com/kerio.cfm"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12272"
},
{
"db": "BID",
"id": "13458"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12272"
},
{
"db": "BID",
"id": "13458"
},
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-12272"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "13458"
},
{
"date": "2005-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"date": "2005-04-29T04:00:00",
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-12272"
},
{
"date": "2009-07-12T14:06:00",
"db": "BID",
"id": "13458"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200504-125"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-1063"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Management Port Denial of Service Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200504-125"
}
],
"trust": 0.6
}
}
VAR-200412-0550
Vulnerability from variot - Updated: 2025-04-03 22:40Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. Kerio Personal Firewall 2.1.5 has been reported to be prone to this issue, however, other versions could be affected as well. Kerio Personal Firewall is a personal firewall
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0550",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.5"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.5"
}
],
"sources": [
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johan Tuneld",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2329",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2004-2329",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-10757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2329",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10757"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. \nKerio Personal Firewall 2.1.5 has been reported to be prone to this issue, however, other versions could be affected as well. Kerio Personal Firewall is a personal firewall",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2329"
},
{
"db": "BID",
"id": "9525"
},
{
"db": "VULHUB",
"id": "VHN-10757"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9525",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-2329",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "10746",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "3748",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1008870",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965",
"trust": 0.7
},
{
"db": "XF",
"id": "14981",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "5983",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10757",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10757"
},
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"id": "VAR-200412-0550",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10757"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:40:37.596000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.tuneld.com/news/?id=30"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/9525"
},
{
"trust": 1.7,
"url": "http://www.tuneld.com/_images/other/kpf_system_privileges.png"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/3748"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/alerts/2004/jan/1008870.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/10746/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14981"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/14981"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/5983"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10757"
},
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10757"
},
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10757"
},
{
"date": "2004-01-29T00:00:00",
"db": "BID",
"id": "9525"
},
{
"date": "2004-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10757"
},
{
"date": "2004-01-29T00:00:00",
"db": "BID",
"id": "9525"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-965"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "BID",
"id": "9525"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-965"
}
],
"trust": 0.6
}
}
VAR-200501-0046
Vulnerability from variot - Updated: 2025-04-03 22:40Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. Kerio Mailserver is prone to a local security vulnerability. Kerio is a security software company that offers a variety of security software. __________
Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/
-- x --
dotpi.com Information Technologies Research Labs
http://www.dotpi.com
ID: #20041214-2 Document title: Insecure default file system permissions on Microsoft versions of Kerio Software
Document revision: 1.0
Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/11/10 Reported date: 2004/11/08
CVE Name: CAN-2004-1023
Other references: N/A
Summary:
Impact: Privilege escalation System sofware tampering Trojan injection Second-stage attack vector Alter configuration files
Rating/Severity: Low Recommendation: Update to latest version Enforce file system ACLs
Vendor: Kerio Technologies Inc.
Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all windows versions)
Updates/Patches: Yes (see below)
General Information:
-
Executive summary: ------------------
As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined the following security issue on some Kerio Software.
Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer are installed by default under 'Program Files' system folder. No change is done to the ACLs after the installation process.
System administrators should enforce ACL security settings in order solve this problem. It is also highly recommended to verify this settings as part of the planning, installation, hardening and auditing processes.
New versions of the software solve this an other minor problems so it is upgrade its highly recommended.
-
Technical details: ------------------
Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months.
Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public.
-
Risk Assessment factors: ------------------------
The attacker would need local interactive access to the installation directory. Remote access is also possible but default system settings do not make this easy.
The most risky scenarios are the ones in which the server machine is shared among two or more users or those situations where Kerio service management have been delegated to a third party any other than local or domain system administrator.
Special care should be taken on such environments and every step of the project: design, planning, deployment and management should consider this security issues.
Privilege escalation, system and software tampering and the ability to alter service configuration are all real issues and all of them can be used as a second stage attack vector.
-
Solutions and recommendations: ------------------------------
Enforce the file system ACLs and/or upgrade to the latest versions:
o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services.
-
Common Vulnerabilities and Exposures (CVE) project: ---------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1023 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Acknowledgements:
-
Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue.
-
The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support.
-
Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna.
Credits:
Javier Munoz (Secure Computer Group) is credited with this discovery.
Related Links:
[1] Kerio Technologies Inc. http://www.kerio.com/
[2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html
[3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html
[4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html
[5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/
[6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-2.txt
[7] dotpi.com Information Technologies S.L. http://www.dotpi.com/
[8] dotpi.com Research Labs http://www.dotpi.com/research/
Legal notice:
Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors.
If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com).
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "serverfirewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "1.0.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
}
],
"sources": [
{
"db": "BID",
"id": "90583"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "90583"
}
],
"trust": 0.3
},
"cve": "CVE-2004-1023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2004-1023",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-9453",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1023",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-129",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-9453",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. Kerio Mailserver is prone to a local security vulnerability. Kerio is a security software company that offers a variety of security software. ______________________________________________________________________\n\n\n Secure Computer Group - University of A Coruna\n http://research.tic.udc.es/scg/\n\n -- x --\n\n dotpi.com Information Technologies Research Labs\n http://www.dotpi.com\n\n______________________________________________________________________\n\nID: #20041214-2\nDocument title: Insecure default file system permissions on\n Microsoft versions of Kerio Software \n\nDocument revision: 1.0\n\nCoordinated release date: 2004/12/14\nVendor Acknowledge date: 2004/11/10\nReported date: 2004/11/08\n\nCVE Name: CAN-2004-1023\n\nOther references: N/A\n______________________________________________________________________\n\nSummary:\n\n Impact: Privilege escalation\n System sofware tampering\n Trojan injection\n Second-stage attack vector\n Alter configuration files\n\n Rating/Severity: Low\n Recommendation: Update to latest version\n Enforce file system ACLs\n\n Vendor: Kerio Technologies Inc. \n\n Affected software: Kerio WinRoute Firewall (all versions)\n Kerio ServerFirewall (all versions)\n Kerio MailServer (all windows versions)\n\n Updates/Patches: Yes (see below)\n______________________________________________________________________\n\nGeneral Information:\n\n 1. Executive summary:\n ------------------\n\n As a result of its collaboration relationship the Secure Computer\n Group (SCG) along with dotpi.com Research Labs have determined\n the following security issue on some Kerio Software. \n\n Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer\n are installed by default under \u0027Program Files\u0027 system folder. No\n change is done to the ACLs after the installation process. \n\n System administrators should enforce ACL security settings in\n order solve this problem. It is also highly recommended to\n verify this settings as part of the planning, installation,\n hardening and auditing processes. \n\n New versions of the software solve this an other minor problems\n so it is upgrade its highly recommended. \n\n\n 2. Technical details:\n ------------------\n\n Following the latest trends and approaches to responsible\n disclosure, SCG and dotpi.com are going to withhold details of\n this flaw for three months. \n\n Full details will be published on 2005/03/14. This three month\n window will allow system administrators the time needed to\n obtain the patch before the details are released to the general\n public. \n\n\n 3. Risk Assessment factors:\n ------------------------\n\n The attacker would need local interactive access to the\n installation directory. Remote access is also possible but\n default system settings do not make this easy. \n\n The most risky scenarios are the ones in which the server machine\n is shared among two or more users or those situations where Kerio\n service management have been delegated to a third party any other\n than local or domain system administrator. \n\n Special care should be taken on such environments and every step\n of the project: design, planning, deployment and management\n should consider this security issues. \n\n Privilege escalation, system and software tampering and the\n ability to alter service configuration are all real issues and\n all of them can be used as a second stage attack vector. \n\n\n 4. Solutions and recommendations:\n ------------------------------\n\n Enforce the file system ACLs and/or upgrade to the latest\n versions:\n\n \to Kerio Winroute Firewall 6.0.9\n \t\n \to Kerio ServerFirewall 1.0.1\n\n \to Kerio MailServer 6.0.5\n\n As in any other case, follow, as much as possible, the Industry\n \u0027Best Practices\u0027 on Planning, Deployment and Operation on this\n kind of services. \n\n\n 5. Common Vulnerabilities and Exposures (CVE) project:\n ---------------------------------------------------\n\n The Common Vulnerabilities and Exposures (CVE) project has\n assigned the name CAN-2004-1023 to this issue. This is a\n candidate for inclusion in the CVE list (http://cve.mitre.org),\n which standardizes names for security problems. \n\n______________________________________________________________________\n\nAcknowledgements:\n\n 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole\n Technical Team from Kerio Technologies (support at kerio.com)\n for their quick response and professional handling on this issue. \n\n 3. The whole Research Lab at dotpi.com and specially to Carlos Veira\n for his leadership and support. \n\n 3. Secure Computer Group at University of A Coruna (scg at udc.es),\n and specially to Antonino Santos del Riego powering new research\n paths at University of a Coruna. \n\n______________________________________________________________________\n\nCredits:\n\n Javier Munoz (Secure Computer Group) is credited with this discovery. \n\n______________________________________________________________________\n\nRelated Links:\n\n [1] Kerio Technologies Inc. \n http://www.kerio.com/\n\n [2] Kerio WinRoute Firewall Downloads \u0026 Updates\n http://www.kerio.com/kwf_download.html\n\n [3] Kerio ServerFirewall Downloads \u0026 Updates\n http://www.kerio.com/ksf_download.html\n\n [4] Kerio MailServer Downloads \u0026 Updates\n http://www.kerio.com/kms_download.html\n\n [5] Secure Computer Group. University of A Coruna\n http://research.tic.udc.es/scg/\n\n [6] Secure Computer Group. Updated advisory\n http://research.tic.udc.es/scg/advisories/20041214-2.txt\n\n [7] dotpi.com Information Technologies S.L. \n http://www.dotpi.com/\n\n [8] dotpi.com Research Labs\n http://www.dotpi.com/research/\n\n______________________________________________________________________\n\nLegal notice:\n\n Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna\n Copyright (c) 2004 dotpi.com Information Technologies S.L. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of the authors. \n\n If you wish to reprint the whole or any part of this alert in any\n other medium other than electronically, please contact the authors\n for explicit written permission at the following e-mail addresses:\n (scg at udc.es) and (info at dotpi.com). \n\n Disclaimer: The information in the advisory is believed to be\n accurate at the time of publishing based on currently available\n information. Use of the information constitutes acceptance for use\n in an AS IS condition. \n\n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect, or consequential loss or damage arising from use of, or\n reliance on, this information. \n_____________________________________________________________________\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "PACKETSTORM",
"id": "35332"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1023",
"trust": 2.1
},
{
"db": "XF",
"id": "18471",
"trust": 0.9
},
{
"db": "BUGTRAQ",
"id": "20041214 [CAN-2004-1023] INSECURE DEFAULT FILE SYSTEM PERMISSIONS ON MICROSOFT VERSIONS OF KERIO SOFTWARE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129",
"trust": 0.6
},
{
"db": "BID",
"id": "90583",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "35332",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-9453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"id": "VAR-200501-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:40:37.178000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/18471"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110305387813002\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/ksf_download.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1023"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kms_download.html"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/advisories/20041214-2.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/research/"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9453"
},
{
"date": "2005-01-10T00:00:00",
"db": "BID",
"id": "90583"
},
{
"date": "2004-12-30T07:19:43",
"db": "PACKETSTORM",
"id": "35332"
},
{
"date": "2005-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9453"
},
{
"date": "2005-01-10T00:00:00",
"db": "BID",
"id": "90583"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-129"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90583"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Multiple software Weak security mechanism vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.6
}
}
VAR-200605-0161
Vulnerability from variot - Updated: 2025-04-03 22:40Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. The exact cause of this issue is currently unknown. This issue affects Kerio WinRoute Firewall versions prior to 6.2.1. Kerio WinRoute Firewall is a widely popular firewall software system.
Secunia Survey
Secunia would like to invite you to participate in an electronic survey evolving the usefulness of our mailing lists. To value your effort Secunia will offer you free access to the Secunia Security Manager for three months as well as have a prize draw for an iPod nano.
We hope that you will give us a few minutes of your time, as your response will help us provide you with better services in the future. The questionnaire contains 19 questions and it takes approximately 5 minutes to answer the questionnaire.
https://ca.secunia.com/survey/?survey_url=kei933wBid2
The survey is being conducted in accordance with the general Secunia Security Policy and your answers will of course be kept strictly confidential.
Best regards, Niels Henrik Rasmussen CEO Secunia
TITLE: Kerio WinRoute Firewall Protocol Inspection Denial of Service
SECUNIA ADVISORY ID: SA19947
VERIFY ADVISORY: http://secunia.com/advisories/19947/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the SMTP and POP3 protocol inspectors. This can be exploited to crash the service when a malformed e-mail is sent via SMTP or received via POP3.
SOLUTION: Update to version 6.2.1 or later. http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.3_patch1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.4_patch_1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.42"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.41"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.2.1"
}
],
"sources": [
{
"db": "BID",
"id": "17859"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "17859"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-2267",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-18375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2267",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-177",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-18375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18375"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the \"email protocol inspectors,\" possibly (1) SMTP and (2) POP3. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. The exact cause of this issue is currently unknown. \nThis issue affects Kerio WinRoute Firewall versions prior to 6.2.1. Kerio WinRoute Firewall is a widely popular firewall software system. \n\n----------------------------------------------------------------------\n\nSecunia Survey\n\nSecunia would like to invite you to participate in an electronic survey\nevolving the usefulness of our mailing lists. To value your effort\nSecunia will offer you free access to the Secunia Security Manager for\nthree months as well as have a prize draw for an iPod nano. \n\nWe hope that you will give us a few minutes of your time, as your\nresponse will help us provide you with better services in the future. \nThe questionnaire contains 19 questions and it takes approximately 5\nminutes to answer the questionnaire. \n\nhttps://ca.secunia.com/survey/?survey_url=kei933wBid2\n\nThe survey is being conducted in accordance with the general Secunia\nSecurity Policy and your answers will of course be kept strictly\nconfidential. \n\n\nBest regards,\nNiels Henrik Rasmussen\nCEO Secunia\n\n----------------------------------------------------------------------\n\nTITLE:\nKerio WinRoute Firewall Protocol Inspection Denial of Service\n\nSECUNIA ADVISORY ID:\nSA19947\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19947/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio WinRoute Firewall, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an unspecified error in the SMTP\nand POP3 protocol inspectors. This can be exploited to crash the\nservice when a malformed e-mail is sent via SMTP or received via\nPOP3. \n\nSOLUTION:\nUpdate to version 6.2.1 or later. \nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2267"
},
{
"db": "BID",
"id": "17859"
},
{
"db": "VULHUB",
"id": "VHN-18375"
},
{
"db": "PACKETSTORM",
"id": "46061"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17859",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19947",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1016032",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2267",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "25300",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "25273",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1677",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177",
"trust": 0.7
},
{
"db": "XF",
"id": "26263",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060507 KERIO WINROUTE FIREWALL PROTOCOL INSPECTION DENIAL",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-18375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46061",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18375"
},
{
"db": "BID",
"id": "17859"
},
{
"db": "PACKETSTORM",
"id": "46061"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"id": "VAR-200605-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18375"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:40:32.289000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17859"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25273"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25300"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016032"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19947"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/433585/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1677"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26263"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1677"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26263"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/433585/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19947/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/survey/?survey_url=kei933wbid2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18375"
},
{
"db": "BID",
"id": "17859"
},
{
"db": "PACKETSTORM",
"id": "46061"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18375"
},
{
"db": "BID",
"id": "17859"
},
{
"db": "PACKETSTORM",
"id": "46061"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-18375"
},
{
"date": "2006-05-05T00:00:00",
"db": "BID",
"id": "17859"
},
{
"date": "2006-05-05T11:43:40",
"db": "PACKETSTORM",
"id": "46061"
},
{
"date": "2006-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"date": "2006-05-09T10:02:00",
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-18375"
},
{
"date": "2006-05-05T22:50:00",
"db": "BID",
"id": "17859"
},
{
"date": "2006-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-177"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Protocol detection module Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-177"
}
],
"trust": 0.6
}
}
VAR-200505-1002
Vulnerability from variot - Updated: 2025-04-03 22:39The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. Personal Firewall is prone to a remote security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.15"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.14"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.13"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.12"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.11"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "4.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "90125"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "90125"
}
],
"trust": 0.3
},
"cve": "CVE-2005-1062",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-1062",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-1062",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-018",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-12271",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. Personal Firewall is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1062"
},
{
"db": "BID",
"id": "90125"
},
{
"db": "VULHUB",
"id": "VHN-12271"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1062",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050429 [CAN-2005-1062] ADMINISTRATION PROTOCOL ABUSE ALLOWS LOCAL/REMOTE PASSWORD CRACKING",
"trust": 0.6
},
{
"db": "BID",
"id": "90125",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12271",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12271"
},
{
"db": "BID",
"id": "90125"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"id": "VAR-200505-1002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12271"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:39:51.045000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://research.tic.udc.es/scg/advisories/20050429-1.txt"
},
{
"trust": 2.0,
"url": "http://www.securityfocus.com/archive/1/397221"
},
{
"trust": 2.0,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12271"
},
{
"db": "BID",
"id": "90125"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12271"
},
{
"db": "BID",
"id": "90125"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12271"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90125"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-12271"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90125"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-018"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-1062"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "[CAN-2005-1062] Management Protocol Allows Local Remote Password Cracking Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-018"
}
],
"trust": 0.6
}
}
VAR-200409-0056
Vulnerability from variot - Updated: 2025-04-03 22:38Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. A vulnerability is reported to affect Kerio Personal Firewall (KPF) 'Application Security' functionality that could permit an executable that is run by an administrator to disable KPF 'Application Security' functionality. It is reported that (KPF) 'Application Security' functionality employs a modified Service Description Table in order to function. It is possible to restore the Service Description Table to its original state. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space. This will disable Kerio Personal Firewall (KPF) 'Application Security' functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200409-0056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.16"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.0.6"
}
],
"sources": [
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability is credited to Tan Chew Keong of SIG^2 Vulnerability Research.",
"sources": [
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
}
],
"trust": 0.9
},
"cve": "CVE-2004-1658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2004-1658",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-10088",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200409-006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10088",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10088"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \\device\\physicalmemory to restore the running kernel\u0027s SDT ServiceTable. A vulnerability is reported to affect Kerio Personal Firewall (KPF) \u0027Application Security\u0027 functionality that could permit an executable that is run by an administrator to disable KPF \u0027Application Security\u0027 functionality. \nIt is reported that (KPF) \u0027Application Security\u0027 functionality employs a modified Service Description Table in order to function. It is possible to restore the Service Description Table to its original state. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space. This will disable Kerio Personal Firewall (KPF) \u0027Application Security\u0027 functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1658"
},
{
"db": "BID",
"id": "11096"
},
{
"db": "VULHUB",
"id": "VHN-10088"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11096",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1658",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12468",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20040902 KERIO PERSONAL FIREWALL\u0027S APPLICATION LAUNCH PROTECTION CAN BE DISABLED BY DIRECT SERVICE TABLE RESTORATION",
"trust": 0.6
},
{
"db": "XF",
"id": "17270",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10088",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10088"
},
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"id": "VAR-200409-0056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10088"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:38:19.715000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.security.org.sg/vuln/kerio4016.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11096"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12468/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17270"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=109420310631039\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17270"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109420310631039\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=109420310631039\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10088"
},
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10088"
},
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-10088"
},
{
"date": "2004-09-02T00:00:00",
"db": "BID",
"id": "11096"
},
{
"date": "2004-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"date": "2004-09-02T04:00:00",
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10088"
},
{
"date": "2004-09-02T00:00:00",
"db": "BID",
"id": "11096"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-006"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Application Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11096"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-006"
}
],
"trust": 0.9
}
}
VAR-200510-0113
Vulnerability from variot - Updated: 2025-04-03 22:38The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability.". Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability. Reports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate. A denial of service condition in the firewall can expose computers to further attacks. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. When parsing the PEB, FWDRV does not check whether the memory is accessible, that is to say, if the attacker can set PAGE_NOACCESS or PAGE_GUARD protection on the PEB, it will cause an exception and the machine will blue screen of death. This can be exploited to crash the system via a malicious application that locks the memory page where its PEB resides before connecting to the network. * Kerio ServerFirewall version 1.1.1 and prior.
SOLUTION: Kerio Personal Firewall: Update to version 4.2.1 or later.
Kerio ServerFirewall: Update to version 1.1.2 or later.
PROVIDED AND/OR DISCOVERED BY: Piotr Bania
ORIGINAL ADVISORY: Kerio: http://www.kerio.com/security_advisory.html
Piotr Bania: http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "serverfirewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "1.1.1"
},
{
"_id": null,
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.2"
}
],
"sources": [
{
"db": "BID",
"id": "15094"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"credits": {
"_id": null,
"data": "Piotr Bania bania.piotr@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3286",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2005-3286",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-14495",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3286",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-180",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-14495",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"description": {
"_id": null,
"data": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\". Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability. \nReports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate. \nA denial of service condition in the firewall can expose computers to further attacks. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. When parsing the PEB, FWDRV does not check whether the memory is accessible, that is to say, if the attacker can set PAGE_NOACCESS or PAGE_GUARD protection on the PEB, it will cause an exception and the machine will blue screen of death. This can be exploited to crash the system via a malicious\napplication that locks the memory page where its PEB resides before\nconnecting to the network. \n* Kerio ServerFirewall version 1.1.1 and prior. \n\nSOLUTION:\nKerio Personal Firewall:\nUpdate to version 4.2.1 or later. \n\nKerio ServerFirewall:\nUpdate to version 1.1.2 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nPiotr Bania\n\nORIGINAL ADVISORY:\nKerio:\nhttp://www.kerio.com/security_advisory.html\n\nPiotr Bania:\nhttp://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "PACKETSTORM",
"id": "40706"
}
],
"trust": 1.35
},
"external_ids": {
"_id": null,
"data": [
{
"db": "BID",
"id": "15094",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17155",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "19961",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-3286",
"trust": 1.7
},
{
"db": "SREASON",
"id": "78",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20051013 KERIO PERSONAL FIREWALL AND KERIO SERVER FIREWALL FWDRV DRIVER LOCAL DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-14495",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40706",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"id": "VAR-200510-0113",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:38:16.213000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 1.8,
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15094"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-october/037958.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/19961"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17155"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/78"
},
{
"trust": 1.1,
"url": "http://seclists.org/bugtraq/2005/oct/166"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "/archive/1/413253"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1493/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17155/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2653/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4378/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2654/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-14495",
"ident": null
},
{
"db": "BID",
"id": "15094",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "40706",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2005-3286",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2005-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-14495",
"ident": null
},
{
"date": "2005-10-13T00:00:00",
"db": "BID",
"id": "15094",
"ident": null
},
{
"date": "2005-10-14T22:19:03",
"db": "PACKETSTORM",
"id": "40706",
"ident": null
},
{
"date": "2005-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-180",
"ident": null
},
{
"date": "2005-10-23T10:02:00",
"db": "NVD",
"id": "CVE-2005-3286",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2012-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-14495",
"ident": null
},
{
"date": "2005-10-13T00:00:00",
"db": "BID",
"id": "15094",
"ident": null
},
{
"date": "2012-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-180",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-3286",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Kerio Personal firewall and server firewall PEB lockout Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
}
}
VAR-200501-0045
Vulnerability from variot - Updated: 2025-04-03 22:37Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store, these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries. Kerio is an Internet security software company whose main products include firewall and mail system. __________
Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/
-- x --
dotpi.com Information Technologies Research Labs
http://www.dotpi.com
ID: #20041214-1 Document title: Insecure Credential Storage on Kerio Software Document revision: 1.0
Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/10/06 Reported date: 2004/10/01
CVE Name: CAN-2004-1022
Other references: N/A
Summary:
Impact: Insecure Credential Storage Rating/Severity: Medium Recommendation: Update to latest version
Vendor: Kerio Technologies Inc.
Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all versions)
Updates/Patches: Yes (see below)
General Information:
-
Executive summary: ------------------
As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined this security issue on Kerio WinRoute Firewall (KWF), Kerio ServerFirewall (KSF) and Kerio MailServer (KMS).
Anyone with a cyphertext of this database (that is, with access to the configuration files) could reverse the encryption using a universal secret key hidden into the program logic.
New versions of the software solve this and other minor problems so it is upgrade its highly recommended.
-
Technical details: ------------------
Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months.
Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public.
-
Risk Assessment factors: ------------------------
The attacker needs access to the user database, which is not normally a usual condition on a properly hardened firewall and/or mail server.
Despite this, special care should be taken on shared environments where more than one technical staff work together on the firewall and/or the mail server. This kind of scenarios offer a potential opportunity for the insiders on the work of stealing identities and, therefore, breaking access control measures.
It is also important to note that this could be an important second-stage resource for a successful attacker on an already compromised firewall and/or mail server.
-
Solutions and recommendations: ------------------------------
Upgrade to the latest versions:
o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services.
Note:
Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute Firewall 6.0.9 is the current version fixing CAN-2004-1022 and CAN-2004-1023
-
Common Vulnerabilities and Exposures (CVE) project: ---------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1022 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Acknowledgements:
-
Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue.
-
The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support.
-
Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna.
Credits:
Javier Munoz (Secure Computer Group) is credited with this discovery.
Related Links:
[1] Kerio Technologies Inc. http://www.kerio.com/
[2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html
[3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html
[4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html
[5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/
[6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-1.txt
[7] dotpi.com Information Technologies S.L. http://www.dotpi.com/
[8] dotpi.com Research Labs http://www.dotpi.com/research/
Legal notice:
Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors.
If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com).
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "serverfirewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "1.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "serverfirewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "1.0.1"
},
{
"model": "mailserver",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
}
],
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability is credited to Secure Computer Group \u003cscg@udc.es\u003e.",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
},
"cve": "CVE-2004-1022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2004-1022",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-9452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1022",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-095",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-9452",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store, these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries. Kerio is an Internet security software company whose main products include firewall and mail system. ______________________________________________________________________\n\n\n Secure Computer Group - University of A Coruna\n http://research.tic.udc.es/scg/\n\n -- x --\n\n dotpi.com Information Technologies Research Labs\n http://www.dotpi.com\n\n______________________________________________________________________\n\nID: #20041214-1\nDocument title: Insecure Credential Storage on Kerio\n Software\nDocument revision: 1.0\n\nCoordinated release date: 2004/12/14\nVendor Acknowledge date: 2004/10/06\nReported date: 2004/10/01\n\nCVE Name: CAN-2004-1022\n\nOther references: N/A\n______________________________________________________________________\n\nSummary:\n\n Impact: Insecure Credential Storage\n Rating/Severity: Medium\n Recommendation: Update to latest version\n\n Vendor: Kerio Technologies Inc. \n\n Affected software: Kerio WinRoute Firewall (all versions)\n Kerio ServerFirewall (all versions)\n Kerio MailServer (all versions)\n\n Updates/Patches: Yes (see below)\n______________________________________________________________________\n\nGeneral Information:\n\n 1. Executive summary:\n ------------------\n\n As a result of its collaboration relationship the Secure Computer\n Group (SCG) along with dotpi.com Research Labs have determined\n this security issue on Kerio WinRoute Firewall (KWF), Kerio\n ServerFirewall (KSF) and Kerio MailServer (KMS). \n\n Anyone with a cyphertext of this database (that is, with access to\n the configuration files) could reverse the encryption using a\n universal secret key hidden into the program logic. \n\n New versions of the software solve this and other minor problems\n so it is upgrade its highly recommended. \n\n\n 2. Technical details:\n ------------------\n\n Following the latest trends and approaches to responsible\n disclosure, SCG and dotpi.com are going to withhold details of\n this flaw for three months. \n\n Full details will be published on 2005/03/14. This three month\n window will allow system administrators the time needed to\n obtain the patch before the details are released to the general\n public. \n\n\n 3. Risk Assessment factors:\n ------------------------\n\n The attacker needs access to the user database, which is not\n normally a usual condition on a properly hardened firewall and/or\n mail server. \n\n Despite this, special care should be taken on shared environments\n where more than one technical staff work together on the firewall\n and/or the mail server. This kind of scenarios offer a potential\n opportunity for the insiders on the work of stealing identities\n and, therefore, breaking access control measures. \n\n It is also important to note that this could be an important\n second-stage resource for a successful attacker on an already\n compromised firewall and/or mail server. \n\n\n 4. Solutions and recommendations:\n ------------------------------\n\n Upgrade to the latest versions:\n\n \to Kerio Winroute Firewall 6.0.9\n\n \to Kerio ServerFirewall 1.0.1\n\n \to Kerio MailServer 6.0.5\n\n As in any other case, follow, as much as possible, the Industry\n \u0027Best Practices\u0027 on Planning, Deployment and Operation on this\n kind of services. \n\n Note:\n\n Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute\n Firewall 6.0.9 is the current version fixing CAN-2004-1022 and\n CAN-2004-1023\n\n\n 5. Common Vulnerabilities and Exposures (CVE) project:\n ---------------------------------------------------\n\n The Common Vulnerabilities and Exposures (CVE) project has\n assigned the name CAN-2004-1022 to this issue. This is a\n candidate for inclusion in the CVE list (http://cve.mitre.org),\n which standardizes names for security problems. \n\n______________________________________________________________________\n\nAcknowledgements:\n\n 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole\n Technical Team from Kerio Technologies (support at kerio.com)\n for their quick response and professional handling on this issue. \n\n 3. The whole Research Lab at dotpi.com and specially to Carlos Veira\n for his leadership and support. \n\n 3. Secure Computer Group at University of A Coruna (scg at udc.es),\n and specially to Antonino Santos del Riego powering new research\n paths at University of a Coruna. \n\n______________________________________________________________________\n\nCredits:\n\n Javier Munoz (Secure Computer Group) is credited with this discovery. \n\n______________________________________________________________________\n\nRelated Links:\n\n [1] Kerio Technologies Inc. \n http://www.kerio.com/\n\n [2] Kerio WinRoute Firewall Downloads \u0026 Updates\n http://www.kerio.com/kwf_download.html\n\n [3] Kerio ServerFirewall Downloads \u0026 Updates\n http://www.kerio.com/ksf_download.html\n\n [4] Kerio MailServer Downloads \u0026 Updates\n http://www.kerio.com/kms_download.html\n\n [5] Secure Computer Group. University of A Coruna\n http://research.tic.udc.es/scg/\n\n [6] Secure Computer Group. Updated advisory\n http://research.tic.udc.es/scg/advisories/20041214-1.txt\n\n [7] dotpi.com Information Technologies S.L. \n http://www.dotpi.com/\n\n [8] dotpi.com Research Labs\n http://www.dotpi.com/research/\n\n______________________________________________________________________\n\nLegal notice:\n\n Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna\n Copyright (c) 2004 dotpi.com Information Technologies S.L. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of the authors. \n\n If you wish to reprint the whole or any part of this alert in any\n other medium other than electronically, please contact the authors\n for explicit written permission at the following e-mail addresses:\n (scg at udc.es) and (info at dotpi.com). \n\n Disclaimer: The information in the advisory is believed to be\n accurate at the time of publishing based on currently available\n information. Use of the information constitutes acceptance for use\n in an AS IS condition. \n\n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect, or consequential loss or damage arising from use of, or\n reliance on, this information. \n_____________________________________________________________________\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "PACKETSTORM",
"id": "35331"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1022",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20041214 [CAN-2004-1022] INSECURE CREDENTIAL STORAGE ON KERIO SOFTWARE",
"trust": 0.6
},
{
"db": "XF",
"id": "18470",
"trust": 0.6
},
{
"db": "BID",
"id": "11930",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "35331",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-9452",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"id": "VAR-200501-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:32.770000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18470"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kms_history.html"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/ksf_history.html"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 0.3,
"url": "/archive/1/384375"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110304957607578\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1022"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/advisories/20041214-1.txt"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/ksf_download.html"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kms_download.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/research/"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9452"
},
{
"date": "2004-12-14T00:00:00",
"db": "BID",
"id": "11930"
},
{
"date": "2004-12-30T07:17:55",
"db": "PACKETSTORM",
"id": "35331"
},
{
"date": "2005-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9452"
},
{
"date": "2009-07-12T09:26:00",
"db": "BID",
"id": "11930"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-095"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Multiple products Weak encryption vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
}
}
VAR-200512-0067
Vulnerability from variot - Updated: 2025-04-03 22:33Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. This may aid in further attacks.
TITLE: Kerio WinRoute Firewall Potential Denial of Service and Security Bypass
SECUNIA ADVISORY ID: SA17519
VERIFY ADVISORY: http://secunia.com/advisories/17519/
CRITICAL: Less critical
IMPACT: Security Bypass, DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall which potentially can be exploited by malicious users to cause a (DoS) Denial of Service and to bypass certain security restrictions.
2) An error in the handling of user authentication may allow users to be successfully authenticated even when their accounts are disabled.
Some other errors, which may be security related, have also been fixed.
SOLUTION: Update to version 6.1.3 http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
}
],
"sources": [
{
"db": "BID",
"id": "15387"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4425",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-15633",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4425",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-443",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15633",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15633"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. This may aid in further attacks. \n\nTITLE:\nKerio WinRoute Firewall Potential Denial of Service and Security\nBypass\n\nSECUNIA ADVISORY ID:\nSA17519\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17519/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, DoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Kerio WinRoute Firewall\nwhich potentially can be exploited by malicious users to cause a\n(DoS) Denial of Service and to bypass certain security restrictions. \r\n\r\n2) An error in the handling of user authentication may allow users to\nbe successfully authenticated even when their accounts are disabled. \r\n\r\nSome other errors, which may be security related, have also been\nfixed. \n\nSOLUTION:\nUpdate to version 6.1.3\r\nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4425"
},
{
"db": "BID",
"id": "15387"
},
{
"db": "VULHUB",
"id": "VHN-15633"
},
{
"db": "PACKETSTORM",
"id": "41477"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15387",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17519",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2005-4425",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2391",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443",
"trust": 0.7
},
{
"db": "XF",
"id": "23034",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-15633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41477",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15633"
},
{
"db": "BID",
"id": "15387"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"id": "VAR-200512-0067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15633"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:33:00.182000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15387"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17519"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2391"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23034"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/23034"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2391"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17519/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15633"
},
{
"db": "BID",
"id": "15387"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-15633"
},
{
"db": "BID",
"id": "15387"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-15633"
},
{
"date": "2005-11-11T00:00:00",
"db": "BID",
"id": "15387"
},
{
"date": "2005-11-11T23:52:11",
"db": "PACKETSTORM",
"id": "41477"
},
{
"date": "2005-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"date": "2005-12-20T11:03:00",
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-15633"
},
{
"date": "2005-11-11T00:00:00",
"db": "BID",
"id": "15387"
},
{
"date": "2005-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-443"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall RTSP Stream Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "15387"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-443"
}
],
"trust": 0.6
}
}
VAR-200512-0601
Vulnerability from variot - Updated: 2025-04-03 22:33Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. This issue is most likely due to an authentication error within the application. This may lead to a false sense of security.
TITLE: Kerio WinRoute Firewall Potential Denial of Service and Security Bypass
SECUNIA ADVISORY ID: SA17519
VERIFY ADVISORY: http://secunia.com/advisories/17519/
CRITICAL: Less critical
IMPACT: Security Bypass, DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall which potentially can be exploited by malicious users to cause a (DoS) Denial of Service and to bypass certain security restrictions.
1) An error in the handling of RTSP streams from certain RTSP servers may cause the service to crash.
Some other errors, which may be security related, have also been fixed.
SOLUTION: Update to version 6.1.3 http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0601",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.3"
}
],
"sources": [
{
"db": "BID",
"id": "15388"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4157",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-15365",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-181",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15365",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15365"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. This issue is most likely due to an authentication error within the application. This may lead to a false sense of security. \n\nTITLE:\nKerio WinRoute Firewall Potential Denial of Service and Security\nBypass\n\nSECUNIA ADVISORY ID:\nSA17519\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17519/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, DoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Kerio WinRoute Firewall\nwhich potentially can be exploited by malicious users to cause a\n(DoS) Denial of Service and to bypass certain security restrictions. \r\n\r\n1) An error in the handling of RTSP streams from certain RTSP servers\nmay cause the service to crash. \r\n\r\nSome other errors, which may be security related, have also been\nfixed. \n\nSOLUTION:\nUpdate to version 6.1.3\r\nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4157"
},
{
"db": "BID",
"id": "15388"
},
{
"db": "VULHUB",
"id": "VHN-15365"
},
{
"db": "PACKETSTORM",
"id": "41477"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15388",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17519",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1015194",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2391",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-4157",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181",
"trust": 0.7
},
{
"db": "XF",
"id": "23035",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-15365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41477",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15365"
},
{
"db": "BID",
"id": "15388"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"id": "VAR-200512-0601",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15365"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:33:00.153000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/17519/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15388/"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/alerts/2005/nov/1015194.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2391"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23035"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/23035"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2391"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15365"
},
{
"db": "BID",
"id": "15388"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-15365"
},
{
"db": "BID",
"id": "15388"
},
{
"db": "PACKETSTORM",
"id": "41477"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-15365"
},
{
"date": "2005-11-11T00:00:00",
"db": "BID",
"id": "15388"
},
{
"date": "2005-11-11T23:52:11",
"db": "PACKETSTORM",
"id": "41477"
},
{
"date": "2005-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"date": "2005-12-11T02:03:00",
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-15365"
},
{
"date": "2005-11-11T00:00:00",
"db": "BID",
"id": "15388"
},
{
"date": "2005-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-181"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Unknown vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-181"
}
],
"trust": 0.6
}
}
VAR-200607-0364
Vulnerability from variot - Updated: 2025-04-03 22:31kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the 'CreateRemoteThread' Windows API call. Exploitation of this vulnerability could cause the firewall application to crash. This could expose the computer to further attacks. The individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "kerio",
"version": "4.3.246"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "kerio",
"version": "4.3.268"
},
{
"model": "personal firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "kerio",
"version": "4.3.x"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "kerio",
"version": "4.3.246"
},
{
"model": "software kerio personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "sunbelt",
"version": "4.3.426"
},
{
"model": "software kerio personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "sunbelt",
"version": "4.2.3912"
}
],
"sources": [
{
"db": "BID",
"id": "18996"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kerio:personal_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to David Matousek.",
"sources": [
{
"db": "BID",
"id": "18996"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
}
],
"trust": 0.9
},
"cve": "CVE-2006-3787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-3787",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-19895",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3787",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2006-3787",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-390",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-19895",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2006-3787",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the \u0027CreateRemoteThread\u0027 Windows API call. \nExploitation of this vulnerability could cause the firewall application to crash. This could expose the computer to further attacks. \nThe individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3787"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "BID",
"id": "18996"
},
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19895",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=28228",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-3787",
"trust": 2.6
},
{
"db": "BID",
"id": "18996",
"trust": 2.1
},
{
"db": "VUPEN",
"id": "ADV-2006-2828",
"trust": 1.8
},
{
"db": "SREASON",
"id": "1260",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21060",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060715 KERIO TERMINATING \u0027KPF4SS.EXE\u0027 USING INTERNAL RUNTIME ERROR VULNERABILITY",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "28228",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-81805",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19895",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-3787",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"db": "BID",
"id": "18996"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"id": "VAR-200607-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19895"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:31:26.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Personal Firewall",
"trust": 0.8,
"url": "http://www.vipreantivirus.com/VIPRE-Internet-Security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.matousec.com/info/advisories/kerio-terminating-kpf4ss-exe-using-internal-runtime-error.php"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/18996"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/21060"
},
{
"trust": 1.8,
"url": "http://securityreason.com/securityalert/1260"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/440112/100/100/threaded"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/2828"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3787"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3787"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/440112/100/100/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2828"
},
{
"trust": 0.3,
"url": "http://www.sunbelt-software.com/kerio.cfm"
},
{
"trust": 0.3,
"url": "/archive/1/440112"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/28228/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"db": "BID",
"id": "18996"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-19895"
},
{
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"db": "BID",
"id": "18996"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-19895"
},
{
"date": "2006-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"date": "2006-07-15T00:00:00",
"db": "BID",
"id": "18996"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"date": "2006-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"date": "2006-07-24T12:19:00",
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-19895"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULMON",
"id": "CVE-2006-3787"
},
{
"date": "2006-07-28T22:27:00",
"db": "BID",
"id": "18996"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002875"
},
{
"date": "2006-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-390"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3787"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "18996"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sunbelt Kerio Personal Firewall of kpf4ss.exe Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-390"
}
],
"trust": 0.6
}
}
VAR-200312-0440
Vulnerability from variot - Updated: 2025-04-03 22:30Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. Reportedly, KPF suffers from a vulnerability whereby the existing firewall filters may be bypassed. This vulnerability exists due to the fact that UDP traffic to and from port 53 is allowed. Allegedly, an attacker may craft a special packet with a source port of 53 and send this packet to a vulnerable system. KPF will allow this packet to proceed thus bypassing the firewall filters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.4"
}
],
"sources": [
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this issue credited to David F. Madrid.",
"sources": [
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
}
],
"trust": 0.9
},
"cve": "CVE-2003-1491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-1491",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8316",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-1491",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-079",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-8316",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-1491",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. Reportedly, KPF suffers from a vulnerability whereby the existing firewall filters may be bypassed. This vulnerability exists due to the fact that UDP traffic to and from port 53 is allowed. \nAllegedly, an attacker may craft a special packet with a source port of 53 and send this packet to a vulnerable system. KPF will allow this packet to proceed thus bypassing the firewall filters",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1491"
},
{
"db": "BID",
"id": "7436"
},
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "VULMON",
"id": "CVE-2003-1491"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7436",
"trust": 2.1
},
{
"db": "NVD",
"id": "CVE-2003-1491",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079",
"trust": 0.7
},
{
"db": "XF",
"id": "11880",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030422 UDP BYPASSING IN KERIO FIREWALL 2.1.4",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-8316",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-1491",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"id": "VAR-200312-0440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8316"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:30:48.883000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.1
},
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/7436"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html"
},
{
"trust": 1.8,
"url": "http://www.securiteam.com/securitynews/5fp0n1p9pi.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11880"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11880"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/16.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-8316"
},
{
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-8316"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"date": "2003-04-25T00:00:00",
"db": "BID",
"id": "7436"
},
{
"date": "2003-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-8316"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2003-1491"
},
{
"date": "2003-04-25T00:00:00",
"db": "BID",
"id": "7436"
},
{
"date": "2003-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-079"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-1491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Firewall Filter Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "7436"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-079"
}
],
"trust": 0.9
}
}
VAR-200305-0035
Vulnerability from variot - Updated: 2025-04-03 22:25Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200305-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.3"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.2"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.3"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The discovery of this vulnerability has been credited to Emiliano Kargieman, Hernn Gips and Javier Burroni from Core Security Technologies.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0219",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7048",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#641012",
"trust": 0.8,
"value": "3.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200305-022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7048",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "VULHUB",
"id": "VHN-7048"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0219"
},
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "BID",
"id": "7179"
},
{
"db": "VULHUB",
"id": "VHN-7048"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7179",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#641012",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2003-0219",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7048",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "VULHUB",
"id": "VHN-7048"
},
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"id": "VAR-200305-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7048"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:18.883000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026idxseccion=10"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7179"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/641012"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.kerio.com/kpf_download.html"
},
{
"trust": 0.8,
"url": "http://online.securityfocus.com/bid/7179"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105155734411836\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026amp;idxseccion=10"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "VULHUB",
"id": "VHN-7048"
},
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#641012"
},
{
"db": "VULHUB",
"id": "VHN-7048"
},
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#641012"
},
{
"date": "2003-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-7048"
},
{
"date": "2003-04-28T00:00:00",
"db": "BID",
"id": "7179"
},
{
"date": "2003-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"date": "2003-05-12T04:00:00",
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#641012"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-7048"
},
{
"date": "2003-04-28T00:00:00",
"db": "BID",
"id": "7179"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-022"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Replay Attack Vulnerability",
"sources": [
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7179"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-022"
}
],
"trust": 0.9
}
}
VAR-200305-0036
Vulnerability from variot - Updated: 2025-04-03 22:25Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake connection will be performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which has a certain fixed value 0x40 (64) to indicate the follow-up The size of the package containing the admin key. When the firewall side uses recv() to process this data, it does not check the boundary buffer
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200305-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.3"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.2"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.3"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Core Security Technologies Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0220",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7049",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0220",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#454716",
"trust": 0.8,
"value": "14.06"
},
{
"author": "CNNVD",
"id": "CNNVD-200305-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7049",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. \nNote that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake connection will be performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which has a certain fixed value 0x40 (64) to indicate the follow-up The size of the package containing the admin key. When the firewall side uses recv() to process this data, it does not check the boundary buffer",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "VULHUB",
"id": "VHN-7049"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-7049",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7049"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7180",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#454716",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2003-0220",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1537",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16465",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22418",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22417",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62726",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70979",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76221",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76220",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-63390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82995",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7049",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"id": "VAR-200305-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7049"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:18.854000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026idxseccion=10"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7180"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/454716"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/pfexploit.c"
},
{
"trust": 1.4,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/kerio-overflow.py"
},
{
"trust": 0.8,
"url": "http://www.s0h.cc/~threat/goodies/pfpatch/sources_pfpatch.zip"
},
{
"trust": 0.8,
"url": "http://www.s0h.cc/~threat/goodies/pfpatch/pfpatch.exe"
},
{
"trust": 0.8,
"url": "http://www.kerio.com/kpf_download.html "
},
{
"trust": 0.8,
"url": "http://online.securityfocus.com/bid/7180"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/617ed23b85dc3446ba56bfb7ed827a6b.html"
},
{
"trust": 0.3,
"url": "/archive/1/320911"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105155734411836\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026amp;idxseccion=10"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CERT/CC",
"id": "VU#454716"
},
{
"date": "2003-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-7049"
},
{
"date": "2003-04-28T00:00:00",
"db": "BID",
"id": "7180"
},
{
"date": "2003-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"date": "2003-05-12T04:00:00",
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#454716"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-7049"
},
{
"date": "2007-10-16T18:27:00",
"db": "BID",
"id": "7180"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-031"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall vulnerable to buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.9
}
}
VAR-200412-0260
Vulnerability from variot - Updated: 2025-04-03 22:25Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). Multiple unspecified remote vulnerabilities reportedly affect Kerio's WinRoute Firewall. These issues are likely due to design errors and a failure or the application to properly handle malformed network data, although this is not verified. The first issue is a remote denial of service that may cause the affected computer to crash or hang. The second issue is a DNS cache poisoning vulnerability. The final issue is an information disclosure vulnerability. An attacker may exploit these issues to gain access to otherwise restricted information and manipulate the DNS cache of the affected firewall, potentially facilitating further attacks against the affected network. Also an attacker may leverage these issues to cause the affected computer to crash or hang, facilitating a denial of service condition. TITLE: Kerio WinRoute Firewall Unspecified DNS Cache Poisoning Vulnerability
SECUNIA ADVISORY ID: SA13374
VERIFY ADVISORY: http://secunia.com/advisories/13374/
CRITICAL: Moderately critical
IMPACT: Spoofing, Manipulation of data
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to poison the DNS cache.
The vulnerability is caused due to an unspecified error and can be exploited to insert fake information in the DNS cache.
The vulnerability has been reported in version 6.0.8. Prior versions may also be affected.
NOTE: Other issues have also been fixed, where some may be security related.
SOLUTION: Update to version 6.0.9. http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "11870"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The individual or individuals responsible for the discovery of these issues are currently unknown; the vendor disclosed these issues.",
"sources": [
{
"db": "BID",
"id": "11870"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
}
],
"trust": 0.9
},
"cve": "CVE-2004-2483",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2483",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-10911",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2483",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-708",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10911",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10911"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). Multiple unspecified remote vulnerabilities reportedly affect Kerio\u0027s WinRoute Firewall. These issues are likely due to design errors and a failure or the application to properly handle malformed network data, although this is not verified. \nThe first issue is a remote denial of service that may cause the affected computer to crash or hang. The second issue is a DNS cache poisoning vulnerability. The final issue is an information disclosure vulnerability. \nAn attacker may exploit these issues to gain access to otherwise restricted information and manipulate the DNS cache of the affected firewall, potentially facilitating further attacks against the affected network. Also an attacker may leverage these issues to cause the affected computer to crash or hang, facilitating a denial of service condition. \nTITLE:\nKerio WinRoute Firewall Unspecified DNS Cache Poisoning Vulnerability\n\nSECUNIA ADVISORY ID:\nSA13374\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/13374/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSpoofing, Manipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio WinRoute Firewall, which\ncan be exploited by malicious people to poison the DNS cache. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to insert fake information in the DNS cache. \n\nThe vulnerability has been reported in version 6.0.8. Prior versions\nmay also be affected. \n\nNOTE: Other issues have also been fixed, where some may be security\nrelated. \n\nSOLUTION:\nUpdate to version 6.0.9. \nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2483"
},
{
"db": "BID",
"id": "11870"
},
{
"db": "VULHUB",
"id": "VHN-10911"
},
{
"db": "PACKETSTORM",
"id": "35286"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11870",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "13374",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-2483",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "12294",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "12293",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708",
"trust": 0.7
},
{
"db": "XF",
"id": "18410",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10911",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "35286",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10911"
},
{
"db": "BID",
"id": "11870"
},
{
"db": "PACKETSTORM",
"id": "35286"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"id": "VAR-200412-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10911"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:11.889000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11870"
},
{
"trust": 1.7,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/12293"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/12294"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13374"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18410"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18410"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/13374/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10911"
},
{
"db": "BID",
"id": "11870"
},
{
"db": "PACKETSTORM",
"id": "35286"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10911"
},
{
"db": "BID",
"id": "11870"
},
{
"db": "PACKETSTORM",
"id": "35286"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10911"
},
{
"date": "2004-12-10T00:00:00",
"db": "BID",
"id": "11870"
},
{
"date": "2004-12-12T19:36:48",
"db": "PACKETSTORM",
"id": "35286"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10911"
},
{
"date": "2004-12-10T00:00:00",
"db": "BID",
"id": "11870"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-708"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Multiple undefined remote vulnerabilities in firmware",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11870"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-708"
}
],
"trust": 0.9
}
}
VAR-200412-1160
Vulnerability from variot - Updated: 2025-04-03 22:21The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". The issue presents itself when Web Filtering procedures handle a URI that contains certain characters. Kerio Personal Firewall is a personal desktop firewall. Kerio Personal Firewall uses a web-filter to receive URLs and return the requested content to the browser. WEB filter blocks ads, pop-ups, etc. If the submitted URL contains illegal data (like \%13\%12\%13), the program will crash during processing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "4.0.10"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "4.0.9"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "4.0.8"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "4.0.7"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "4.0.6"
}
],
"sources": [
{
"db": "BID",
"id": "10075"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emmanouel Kellinis\u203b me@cipher.org.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1907",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2004-1907",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-10336",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1907",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-628",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-10336",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10336"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing \"%13%12%13\". The issue presents itself when Web Filtering procedures handle a URI that contains certain characters. Kerio Personal Firewall is a personal desktop firewall. Kerio Personal Firewall uses a web-filter to receive URLs and return the requested content to the browser. WEB filter blocks ads, pop-ups, etc. If the submitted URL contains illegal data (like \\\\%13\\\\%12\\\\%13), the program will crash during processing",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1907"
},
{
"db": "BID",
"id": "10075"
},
{
"db": "VULHUB",
"id": "VHN-10336"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10336",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10336"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10075",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1907",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11331",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20040407 KERIO PERSONAL FIREWALL 4.0.13 - REMOTE DOS (CRASH)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040406 KERIO PERSONAL FIREWALL 4 AND IE 6 \"BUG\"",
"trust": 0.6
},
{
"db": "XF",
"id": "15821",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6293",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-77668",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "23925",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10336",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10336"
},
{
"db": "BID",
"id": "10075"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"id": "VAR-200412-1160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10336"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:21:52.728000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10075"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html"
},
{
"trust": 1.7,
"url": "http://www.cipher.org.uk/index.php?p=advisories/hex-kerio_personal_firewall_remote_dos_7-04-2004.advisory"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11331"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15821"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108137421524251\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15821"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108137421524251\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6293"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "/archive/1/359693"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108137421524251\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10336"
},
{
"db": "BID",
"id": "10075"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10336"
},
{
"db": "BID",
"id": "10075"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10336"
},
{
"date": "2004-04-07T00:00:00",
"db": "BID",
"id": "10075"
},
{
"date": "2004-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10336"
},
{
"date": "2004-04-07T00:00:00",
"db": "BID",
"id": "10075"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-628"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1907"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall Remote Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-628"
}
],
"trust": 0.6
}
}
VAR-200601-0385
Vulnerability from variot - Updated: 2025-04-03 22:19Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. An attacker can exploit this vulnerability to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. There are loopholes in Kerio WinRoute's handling of specific web browsing operations, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall.
TITLE: Kerio WinRoute Firewall Web Browsing Denial of Service
SECUNIA ADVISORY ID: SA18589
VERIFY ADVISORY: http://secunia.com/advisories/18589/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION: Update to version 6.1.4 Patch 2. http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200601-0385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.1.4_patch_1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.1.3_patch1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.41"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall patch",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.42"
}
],
"sources": [
{
"db": "BID",
"id": "16385"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by the vendor.",
"sources": [
{
"db": "BID",
"id": "16385"
}
],
"trust": 0.3
},
"cve": "CVE-2006-0336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-0336",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-16444",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0336",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200601-250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-16444",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2006-0336",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16444"
},
{
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving \"browsing the web\". Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this vulnerability to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. There are loopholes in Kerio WinRoute\u0027s handling of specific web browsing operations, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall. \n\nTITLE:\nKerio WinRoute Firewall Web Browsing Denial of Service\n\nSECUNIA ADVISORY ID:\nSA18589\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18589/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nA vulnerability has been reported in Kerio WinRoute Firewall, which\npotentially can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\nSOLUTION:\nUpdate to version 6.1.4 Patch 2. \nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0336"
},
{
"db": "BID",
"id": "16385"
},
{
"db": "VULHUB",
"id": "VHN-16444"
},
{
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"db": "PACKETSTORM",
"id": "43368"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16385",
"trust": 2.1
},
{
"db": "NVD",
"id": "CVE-2006-0336",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "18589",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2006-0324",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "22631",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250",
"trust": 0.7
},
{
"db": "XF",
"id": "24317",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16444",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-0336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43368",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16444"
},
{
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"db": "BID",
"id": "16385"
},
{
"db": "PACKETSTORM",
"id": "43368"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"id": "VAR-200601-0385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16444"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:19:02.853000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/16385"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/22631"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/18589"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/0324"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24317"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24317"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0324"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16444"
},
{
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"db": "BID",
"id": "16385"
},
{
"db": "PACKETSTORM",
"id": "43368"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16444"
},
{
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"db": "BID",
"id": "16385"
},
{
"db": "PACKETSTORM",
"id": "43368"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-16444"
},
{
"date": "2006-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"date": "2006-01-25T00:00:00",
"db": "BID",
"id": "16385"
},
{
"date": "2006-01-25T17:27:50",
"db": "PACKETSTORM",
"id": "43368"
},
{
"date": "2006-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"date": "2006-01-21T00:03:00",
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16444"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2006-0336"
},
{
"date": "2006-02-07T20:54:00",
"db": "BID",
"id": "16385"
},
{
"date": "2006-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-250"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-0336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Web Browse denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-250"
}
],
"trust": 0.6
}
}
VAR-200601-0384
Vulnerability from variot - Updated: 2025-04-03 22:19Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute has loopholes when processing specific HTML data, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall.
TITLE: Kerio WinRoute Firewall Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA18542
VERIFY ADVISORY: http://secunia.com/advisories/18542/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/
DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain data when performing HTML content filtering may be exploited to cause a DoS.
2) An error in the handling of overly long strings fetched from the Active Directory may be exploited to cause a DoS.
Some other errors, which may be security related, have also been fixed.
SOLUTION: Update to version 6.1.4 Patch 1. http://www.kerio.com/kwf_download.html
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200601-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.1.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "6.1.3_patch1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.11"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "kerio",
"version": "6.0.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall patch",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.1.41"
}
],
"sources": [
{
"db": "BID",
"id": "16314"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-0335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-16443",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0335",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200601-254",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-16443",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16443"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \nAn attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute has loopholes when processing specific HTML data, and remote attackers may use the loopholes to perform denial-of-service attacks on the firewall. \n\nTITLE:\nKerio WinRoute Firewall Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA18542\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18542/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nKerio WinRoute Firewall 6.x\nhttp://secunia.com/product/3613/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Kerio WinRoute Firewall,\nwhich potentially can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\n1) An error in the handling of certain data when performing HTML\ncontent filtering may be exploited to cause a DoS. \n\n2) An error in the handling of overly long strings fetched from the\nActive Directory may be exploited to cause a DoS. \n\nSome other errors, which may be security related, have also been\nfixed. \n\nSOLUTION:\nUpdate to version 6.1.4 Patch 1. \nhttp://www.kerio.com/kwf_download.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.kerio.com/kwf_history.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0335"
},
{
"db": "BID",
"id": "16314"
},
{
"db": "VULHUB",
"id": "VHN-16443"
},
{
"db": "PACKETSTORM",
"id": "43188"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16314",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18542",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-0247",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-0335",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22631",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254",
"trust": 0.7
},
{
"db": "XF",
"id": "24232",
"trust": 0.6
},
{
"db": "XF",
"id": "24233",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43188",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16443"
},
{
"db": "BID",
"id": "16314"
},
{
"db": "PACKETSTORM",
"id": "43188"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"id": "VAR-200601-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16443"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:19:02.822000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16314"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22631"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18542"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0247"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24233"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24232"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0247"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24233"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24232"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_home.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3613/"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18542/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16443"
},
{
"db": "BID",
"id": "16314"
},
{
"db": "PACKETSTORM",
"id": "43188"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16443"
},
{
"db": "BID",
"id": "16314"
},
{
"db": "PACKETSTORM",
"id": "43188"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-16443"
},
{
"date": "2006-01-19T00:00:00",
"db": "BID",
"id": "16314"
},
{
"date": "2006-01-19T17:33:40",
"db": "PACKETSTORM",
"id": "43188"
},
{
"date": "2006-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"date": "2006-01-21T00:03:00",
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16443"
},
{
"date": "2006-02-07T20:54:00",
"db": "BID",
"id": "16314"
},
{
"date": "2006-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-254"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-0335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "16314"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16314"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-254"
}
],
"trust": 0.9
}
}
VAR-201012-0367
Vulnerability from variot - Updated: 2022-05-17 01:41Kerio WinRoute Firewall is a proxy server that enables multiple computers on a company to share a single Internet connection. The WEB filter component in Kerio WinRoute Firewall has an unspecified error and no detailed vulnerability details are available. Kerio Control (formerly Kerio WinRoute Firewall) is prone to an unspecified vulnerability. Very few technical details are currently available. We will update this BID as more information emerges. Versions prior to Kerio WinRoute Firewall 7.1.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "6.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "6.7.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "kerio",
"version": "7.0"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"db": "BID",
"id": "45105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "45105"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio WinRoute Firewall is a proxy server that enables multiple computers on a company to share a single Internet connection. The WEB filter component in Kerio WinRoute Firewall has an unspecified error and no detailed vulnerability details are available. Kerio Control (formerly Kerio WinRoute Firewall) is prone to an unspecified vulnerability. \nVery few technical details are currently available. We will update this BID as more information emerges. \nVersions prior to Kerio WinRoute Firewall 7.1.0 are vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"db": "BID",
"id": "45105"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "45105",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-2991",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"db": "BID",
"id": "45105"
}
]
},
"id": "VAR-201012-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
}
]
},
"last_update_date": "2022-05-17T01:41:37.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Kerio Control Web Filter patch for unknown security vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/1909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.kerio.com/control/historyhttp"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/control/history"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"db": "BID",
"id": "45105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"db": "BID",
"id": "45105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"date": "2010-11-30T00:00:00",
"db": "BID",
"id": "45105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2991"
},
{
"date": "2010-11-30T00:00:00",
"db": "BID",
"id": "45105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "45105"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Control Web Filter Unknown Remote Security Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2991"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "45105"
}
],
"trust": 0.3
}
}
CVE-2014-3857 (GCVE-0-2014-3857)
Vulnerability from nvd – Published: 2014-07-03 14:00 – Updated: 2024-08-06 10:57- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/59215 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/33954 | exploitx_refsource_EXPLOIT-DB |
| http://www.kerio.com/support/kerio-control/releas… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/127320/Kerio… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/532607/100… | mailing-listx_refsource_BUGTRAQ |
| http://fereidani.com/articles/show/76_kerio_contr… | x_refsource_MISC |
| http://osvdb.org/show/osvdb/108584 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/108584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/108584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"name": "http://www.kerio.com/support/kerio-control/release-history",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"name": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"name": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection",
"refsource": "MISC",
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/108584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3857",
"datePublished": "2014-07-03T14:00:00.000Z",
"dateReserved": "2014-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3857 (GCVE-0-2014-3857)
Vulnerability from cvelistv5 – Published: 2014-07-03 14:00 – Updated: 2024-08-06 10:57- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/59215 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/33954 | exploitx_refsource_EXPLOIT-DB |
| http://www.kerio.com/support/kerio-control/releas… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/127320/Kerio… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/532607/100… | mailing-listx_refsource_BUGTRAQ |
| http://fereidani.com/articles/show/76_kerio_contr… | x_refsource_MISC |
| http://osvdb.org/show/osvdb/108584 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/108584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/108584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"name": "http://www.kerio.com/support/kerio-control/release-history",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"name": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control \u003c= 8.3.1 Boolean-based blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"name": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection",
"refsource": "MISC",
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/108584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3857",
"datePublished": "2014-07-03T14:00:00.000Z",
"dateReserved": "2014-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}