Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-278
Vulnerability from certfr_avis - Published: 2008-05-29 - Updated: 2008-05-29
Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.
Description
Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :
- le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
- le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
- l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
- l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
- des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
- les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
- etc.
Solution
Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Mac 0S X versions v10.4.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X version v10.5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n- le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n- le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n permettant des attaques par injection de code indirecte ;\n- l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n provoquer l\u0027ex\u00e9cution de code arbitraire ;\n- l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n informations sensibles, y compris si une protection par mot de passe\n est d\u00e9ploy\u00e9e ;\n- des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n CERTA-2008-AVI-197) ;\n- les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n concernant iCal sont corrig\u00e9es ;\n- etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
},
{
"name": "CVE-2008-1032",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
},
{
"name": "CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"name": "CVE-2008-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
},
{
"name": "CVE-2008-1655",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
},
{
"name": "CVE-2006-3747",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
},
{
"name": "CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"name": "CVE-2008-1575",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
},
{
"name": "CVE-2008-1031",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
},
{
"name": "CVE-2008-1571",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
},
{
"name": "CVE-2008-1027",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
},
{
"name": "CVE-2008-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
},
{
"name": "CVE-2008-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
},
{
"name": "CVE-2008-1035",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
},
{
"name": "CVE-2007-6612",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
},
{
"name": "CVE-2005-3357",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
},
{
"name": "CVE-2008-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
},
{
"name": "CVE-2008-1036",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
},
{
"name": "CVE-2008-1028",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
},
{
"name": "CVE-2007-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
},
{
"name": "CVE-2007-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
},
{
"name": "CVE-2008-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
},
{
"name": "CVE-2007-6019",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
},
{
"name": "CVE-2007-5275",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
},
{
"name": "CVE-2008-1030",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
},
{
"name": "CVE-2008-1578",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
},
{
"name": "CVE-2008-1034",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
},
{
"name": "CVE-2007-5269",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
},
{
"name": "CVE-2008-0177",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
},
{
"name": "CVE-2007-6243",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
},
{
"name": "CVE-2008-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
},
{
"name": "CVE-2008-1580",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
},
{
"name": "CVE-2007-6359",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
},
{
"name": "CVE-2008-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
},
{
"name": "CVE-2005-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
},
{
"name": "CVE-2007-0071",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
},
{
"name": "CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"name": "CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"name": "CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
}
],
"initial_release_date": "2008-05-29T00:00:00",
"last_revision_date": "2008-05-29T00:00:00",
"links": [
{
"title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans Apple Ical \u00bb, du 23 mai 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
},
{
"title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X 10.5.3 :",
"url": "http://support.apple.com/kb/HT1897"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
"url": "http://docs.info.apple.com/article.html?artnum=106704"
},
{
"title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac OS X :",
"url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
}
],
"reference": "CERTA-2008-AVI-278",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-05-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
"title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
"url": null
}
]
}
CVE-2007-5269 (GCVE-0-2007-5269)
Vulnerability from cvelistv5 – Published: 2007-10-08 21:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
Summary
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
71 references
Date Public
2007-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1814"
},
{
"name": "MDKSA-2007:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217"
},
{
"name": "35386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35386"
},
{
"name": "FEDORA-2007-2666",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "FEDORA-2007-2521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html"
},
{
"name": "27093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27093"
},
{
"name": "1020521",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
},
{
"name": "ADV-2009-1560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1560"
},
{
"name": "34388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34388"
},
{
"name": "ADV-2009-1462",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1462"
},
{
"name": "27662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27662"
},
{
"name": "31712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195261"
},
{
"name": "FEDORA-2007-734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html"
},
{
"name": "27529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "27405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27405"
},
{
"name": "27746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27746"
},
{
"name": "RHSA-2007:0992",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html"
},
{
"name": "ADV-2007-3390",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3390"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2148"
},
{
"name": "259989",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
},
{
"name": "35302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35302"
},
{
"name": "31713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31713"
},
{
"name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "27391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27391"
},
{
"name": "25956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25956"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27369"
},
{
"name": "1018849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018849"
},
{
"name": "oval:org.mitre.oval:def:10614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791"
},
{
"name": "27492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "27284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27284"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "USN-538-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-538-1"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"name": "30161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "DSA-1750",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1750"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "GLSA-200711-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "SSA:2007-325-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
},
{
"name": "20071112 FLEA-2007-0065-1 libpng",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461"
},
{
"name": "27629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1814"
},
{
"name": "MDKSA-2007:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217"
},
{
"name": "35386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35386"
},
{
"name": "FEDORA-2007-2666",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "FEDORA-2007-2521",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html"
},
{
"name": "27093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27093"
},
{
"name": "1020521",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
},
{
"name": "ADV-2009-1560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1560"
},
{
"name": "34388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34388"
},
{
"name": "ADV-2009-1462",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1462"
},
{
"name": "27662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27662"
},
{
"name": "31712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195261"
},
{
"name": "FEDORA-2007-734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html"
},
{
"name": "27529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "27405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27405"
},
{
"name": "27746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27746"
},
{
"name": "RHSA-2007:0992",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html"
},
{
"name": "ADV-2007-3390",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3390"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2148"
},
{
"name": "259989",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
},
{
"name": "35302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35302"
},
{
"name": "31713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31713"
},
{
"name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "27391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27391"
},
{
"name": "25956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25956"
},
{
"name": "SUSE-SR:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27369"
},
{
"name": "1018849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018849"
},
{
"name": "oval:org.mitre.oval:def:10614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791"
},
{
"name": "27492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "27284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27284"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "USN-538-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-538-1"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"name": "30161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "DSA-1750",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1750"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "GLSA-200711-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "SSA:2007-325-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
},
{
"name": "20071112 FLEA-2007-0065-1 libpng",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461"
},
{
"name": "27629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27965"
},
{
"name": "https://issues.rpath.com/browse/RPL-1814",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1814"
},
{
"name": "MDKSA-2007:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217"
},
{
"name": "35386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35386"
},
{
"name": "FEDORA-2007-2666",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "FEDORA-2007-2521",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html"
},
{
"name": "27093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27093"
},
{
"name": "1020521",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
},
{
"name": "ADV-2009-1560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1560"
},
{
"name": "34388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34388"
},
{
"name": "ADV-2009-1462",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1462"
},
{
"name": "27662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27662"
},
{
"name": "31712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31712"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=195261",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195261"
},
{
"name": "FEDORA-2007-734",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html"
},
{
"name": "27529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27529"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "27405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27405"
},
{
"name": "27746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27746"
},
{
"name": "RHSA-2007:0992",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html"
},
{
"name": "ADV-2007-3390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3390"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2148",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2148"
},
{
"name": "259989",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
},
{
"name": "35302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35302"
},
{
"name": "31713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31713"
},
{
"name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net\u0026forum_name=png-mng-implement"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "27391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27391"
},
{
"name": "25956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25956"
},
{
"name": "SUSE-SR:2007:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27369"
},
{
"name": "1018849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018849"
},
{
"name": "oval:org.mitre.oval:def:10614",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=327791",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791"
},
{
"name": "27492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27492"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "27284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27284"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "USN-538-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-538-1"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
"refsource": "CONFIRM",
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"name": "30161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "DSA-1750",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1750"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "GLSA-200711-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "SSA:2007-325-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
},
{
"name": "20071112 FLEA-2007-0065-1 libpng",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=337461",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461"
},
{
"name": "27629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5269",
"datePublished": "2007-10-08T21:00:00.000Z",
"dateReserved": "2007-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5275 (GCVE-0-2007-5275)
Vulnerability from cvelistv5 – Published: 2007-10-08 23:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
Summary
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
28 references
Date Public
2007-07-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "28157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28157"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30507"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "oval:org.mitre.oval:def:9250",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28161"
},
{
"name": "RHSA-2007:1126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "26930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26930"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser\u0027s DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "28157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28157"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30507"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "oval:org.mitre.oval:def:9250",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28161"
},
{
"name": "RHSA-2007:1126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "26930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26930"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser\u0027s DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2007:069",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29865"
},
{
"name": "28157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28157"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "http://crypto.stanford.edu/dns/dns-rebinding.pdf",
"refsource": "MISC",
"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
},
{
"name": "28570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28570"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "oval:org.mitre.oval:def:9250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
},
{
"name": "GLSA-200801-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "28161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28161"
},
{
"name": "RHSA-2007:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
},
{
"name": "29763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "26930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26930"
},
{
"name": "ADV-2007-4258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "1019116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "GLSA-200804-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "TA08-100A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "28213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28213"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5275",
"datePublished": "2007-10-08T23:00:00.000Z",
"dateReserved": "2007-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6019 (GCVE-0-2007-6019)
Vulnerability from cvelistv5 – Published: 2008-04-09 21:00 – Updated: 2024-08-07 15:54
VLAI
EPSS
Summary
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2008-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:25.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "oval:org.mitre.oval:def:10160",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "1019810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "adobe-flash-declarefunction2-bo(41717)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "3805",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3805"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28694"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "oval:org.mitre.oval:def:10160",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "1019810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "adobe-flash-declarefunction2-bo(41717)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "3805",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3805"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28694"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-6019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29865"
},
{
"name": "oval:org.mitre.oval:def:10160",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "1019810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019810"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "adobe-flash-declarefunction2-bo(41717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
},
{
"name": "RHSA-2008:0221",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "3805",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3805"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
},
{
"name": "29763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29763"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
},
{
"name": "GLSA-200804-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28694"
},
{
"name": "TA08-100A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-6019",
"datePublished": "2008-04-09T21:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:25.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6243 (GCVE-0-2007-6243)
Vulnerability from cvelistv5 – Published: 2007-12-20 01:00 – Updated: 2024-08-07 16:02
VLAI
EPSS
Summary
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
41 references
Date Public
2007-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "33390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33390"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "oval:org.mitre.oval:def:11069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "32702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32702"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "JVN#45675516",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2345675516/index.html"
},
{
"name": "VU#935737",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/935737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "26929",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26929"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28161"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "RHSA-2008:0945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "RHSA-2008:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "26966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26966"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "248586",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "32448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32448"
},
{
"name": "adobe-unspecified-security-bypass(39129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "SUSE-SA:2007:069",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29865"
},
{
"name": "33390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33390"
},
{
"name": "30507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30507"
},
{
"name": "28570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "oval:org.mitre.oval:def:11069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "32702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32702"
},
{
"name": "ADV-2008-1724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "GLSA-200801-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "JVN#45675516",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2345675516/index.html"
},
{
"name": "VU#935737",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/935737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "26929",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26929"
},
{
"name": "28161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28161"
},
{
"name": "32759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32759"
},
{
"name": "29763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29763"
},
{
"name": "RHSA-2008:0945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
},
{
"name": "238305",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "RHSA-2008:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "ADV-2007-4258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "1019116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "26966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26966"
},
{
"name": "GLSA-200804-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "248586",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "32448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32448"
},
{
"name": "adobe-unspecified-security-bypass(39129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
},
{
"name": "TA08-100A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "SUSE-SR:2008:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "28213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "SUSE-SA:2007:069",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
},
{
"name": "29865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29865"
},
{
"name": "33390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33390"
},
{
"name": "30507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30507"
},
{
"name": "28570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28570"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
},
{
"name": "oval:org.mitre.oval:def:11069",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "32702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32702"
},
{
"name": "ADV-2008-1724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1724/references"
},
{
"name": "TA07-355A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
},
{
"name": "GLSA-200801-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
},
{
"name": "RHSA-2008:0221",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "JVN#45675516",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2345675516/index.html"
},
{
"name": "VU#935737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/935737"
},
{
"name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html",
"refsource": "MISC",
"url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "SUSE-SA:2008:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
},
{
"name": "26929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26929"
},
{
"name": "28161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28161"
},
{
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name": "29763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29763"
},
{
"name": "RHSA-2008:0945",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
},
{
"name": "238305",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
},
{
"name": "RHSA-2008:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "ADV-2007-4258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4258"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "1019116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019116"
},
{
"name": "26966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26966"
},
{
"name": "GLSA-200804-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "32448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32448"
},
{
"name": "adobe-unspecified-security-bypass(39129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
},
{
"name": "TA08-100A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "28213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28213"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6243",
"datePublished": "2007-12-20T01:00:00.000Z",
"dateReserved": "2007-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6359 (GCVE-0-2007-6359)
Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
VLAI
EPSS
Summary
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/26840 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.us-cert.gov/cas/techalerts/TA08-150A.html | third-party-advisoryx_refsource_CERT |
| http://secunia.com/advisories/30430 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2007/4216 | vdb-entryx_refsource_VUPEN |
| http://digit-labs.org/files/exploits/xnu-superblo… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/1697 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/28048 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26840",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26840"
},
{
"name": "macosx-csvalidatepage-dos(38997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38997"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2007-4216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://digit-labs.org/files/exploits/xnu-superblob-dos.c"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26840",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26840"
},
{
"name": "macosx-csvalidatepage-dos(38997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38997"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2007-4216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://digit-labs.org/files/exploits/xnu-superblob-dos.c"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26840"
},
{
"name": "macosx-csvalidatepage-dos(38997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38997"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2007-4216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4216"
},
{
"name": "http://digit-labs.org/files/exploits/xnu-superblob-dos.c",
"refsource": "MISC",
"url": "http://digit-labs.org/files/exploits/xnu-superblob-dos.c"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "28048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6359",
"datePublished": "2007-12-15T01:00:00.000Z",
"dateReserved": "2007-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6388 (GCVE-0-2007-6388)
Vulnerability from cvelistv5 – Published: 2008-01-08 18:00 – Updated: 2024-08-07 16:02
VLAI
EPSS
Summary
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
94 references
Date Public
2008-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2008:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "ADV-2008-0554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0554"
},
{
"name": "ADV-2008-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0447/references"
},
{
"name": "28922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28922"
},
{
"name": "ADV-2008-0986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0986/references"
},
{
"name": "3541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3541"
},
{
"name": "28749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28749"
},
{
"name": "SSA:2008-045-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748"
},
{
"name": "29988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29988"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "ADV-2008-1623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "29806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29806"
},
{
"name": "20080716 rPSA-2008-0035-1 httpd mod_ssl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"name": "FEDORA-2008-1695",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html"
},
{
"name": "1019154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019154"
},
{
"name": "28526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "RHSA-2008:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "oval:org.mitre.oval:def:10272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272"
},
{
"name": "31142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "233623",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"name": "RHSA-2008:0007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "ADV-2008-0047",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0047"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "RHSA-2008:0008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "FEDORA-2008-1711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html"
},
{
"name": "RHSA-2008:0009",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html"
},
{
"name": "MDVSA-2008:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "29504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29504"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "SSRT080015",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "apache-status-page-xss(39472)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472"
},
{
"name": "ADV-2008-0809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name": "28467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28467"
},
{
"name": "SSRT080059",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039"
},
{
"name": "PK65782",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "HPSBUX02313",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "RHSA-2008:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "28607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28607"
},
{
"name": "PK62966",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966"
},
{
"name": "SUSE-SA:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name": "PK63273",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273"
},
{
"name": "MDVSA-2008:015",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "33200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33200"
},
{
"name": "28965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf"
},
{
"name": "28471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28471"
},
{
"name": "27237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27237"
},
{
"name": "HPSBMA02388",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "RHSA-2008:0261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "29640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29640"
},
{
"name": "32800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32800"
},
{
"name": "28977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28977"
},
{
"name": "30732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30732"
},
{
"name": "ADV-2008-1224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"name": "PK59667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only"
},
{
"name": "MDVSA-2008:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:09:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2008:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "ADV-2008-0554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0554"
},
{
"name": "ADV-2008-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0447/references"
},
{
"name": "28922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28922"
},
{
"name": "ADV-2008-0986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0986/references"
},
{
"name": "3541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3541"
},
{
"name": "28749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28749"
},
{
"name": "SSA:2008-045-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748"
},
{
"name": "29988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29988"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "ADV-2008-1623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "29806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29806"
},
{
"name": "20080716 rPSA-2008-0035-1 httpd mod_ssl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"name": "FEDORA-2008-1695",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html"
},
{
"name": "1019154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019154"
},
{
"name": "28526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "RHSA-2008:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "oval:org.mitre.oval:def:10272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272"
},
{
"name": "31142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "233623",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"name": "RHSA-2008:0007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "ADV-2008-0047",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0047"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "RHSA-2008:0008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "FEDORA-2008-1711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html"
},
{
"name": "RHSA-2008:0009",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html"
},
{
"name": "MDVSA-2008:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "29504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29504"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "SSRT080015",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "apache-status-page-xss(39472)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472"
},
{
"name": "ADV-2008-0809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name": "28467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28467"
},
{
"name": "SSRT080059",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039"
},
{
"name": "PK65782",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "HPSBUX02313",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "RHSA-2008:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "28607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28607"
},
{
"name": "PK62966",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966"
},
{
"name": "SUSE-SA:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name": "PK63273",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273"
},
{
"name": "MDVSA-2008:015",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "33200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33200"
},
{
"name": "28965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf"
},
{
"name": "28471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28471"
},
{
"name": "27237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27237"
},
{
"name": "HPSBMA02388",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "RHSA-2008:0261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "29640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29640"
},
{
"name": "32800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32800"
},
{
"name": "28977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28977"
},
{
"name": "30732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30732"
},
{
"name": "ADV-2008-1224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"name": "PK59667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only"
},
{
"name": "MDVSA-2008:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0005",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "ADV-2008-0554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0554"
},
{
"name": "ADV-2008-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0447/references"
},
{
"name": "28922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28922"
},
{
"name": "ADV-2008-0986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0986/references"
},
{
"name": "3541",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3541"
},
{
"name": "28749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28749"
},
{
"name": "SSA:2008-045-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748"
},
{
"name": "29988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29988"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "ADV-2008-1623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "29806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29806"
},
{
"name": "20080716 rPSA-2008-0035-1 httpd mod_ssl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"name": "FEDORA-2008-1695",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html"
},
{
"name": "1019154",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019154"
},
{
"name": "28526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28526"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "RHSA-2008:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "oval:org.mitre.oval:def:10272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272"
},
{
"name": "31142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31142"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "233623",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"name": "RHSA-2008:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "ADV-2008-0047",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0047"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "RHSA-2008:0008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "FEDORA-2008-1711",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html"
},
{
"name": "RHSA-2008:0009",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html"
},
{
"name": "MDVSA-2008:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "29504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29504"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "SSRT080015",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "apache-status-page-xss(39472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472"
},
{
"name": "ADV-2008-0809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name": "28467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28467"
},
{
"name": "SSRT080059",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=689039"
},
{
"name": "PK65782",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "HPSBUX02313",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"name": "RHSA-2008:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "28607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28607"
},
{
"name": "PK62966",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966"
},
{
"name": "SUSE-SA:2008:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30356"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_13.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name": "PK63273",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273"
},
{
"name": "MDVSA-2008:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "33200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33200"
},
{
"name": "28965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28965"
},
{
"name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf",
"refsource": "CONFIRM",
"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf"
},
{
"name": "28471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28471"
},
{
"name": "27237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27237"
},
{
"name": "HPSBMA02388",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "29640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29640"
},
{
"name": "32800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32800"
},
{
"name": "28977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28977"
},
{
"name": "30732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30732"
},
{
"name": "ADV-2008-1224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"name": "PK59667",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PK59667\u0026apar=only"
},
{
"name": "MDVSA-2008:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6388",
"datePublished": "2008-01-08T18:00:00.000Z",
"dateReserved": "2007-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6612 (GCVE-0-2007-6612)
Vulnerability from cvelistv5 – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
VLAI
EPSS
Summary
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://rubyforge.org/pipermail/mongrel-users/2007… | mailing-listx_refsource_MLIST |
| http://mongrel.rubyforge.org/news.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/27133 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28323 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/39866 | vdb-entryx_refsource_OSVDB |
| http://www.us-cert.gov/cas/techalerts/TA08-150A.html | third-party-advisoryx_refsource_CERT |
| http://rubyforge.org/pipermail/mongrel-users/2007… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/30430 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2008/1697 | vdb-entryx_refsource_VUPEN |
| http://rubyforge.org/pipermail/mongrel-users/2007… | mailing-listx_refsource_MLIST |
| http://rubyforge.org/pipermail/mongrel-users/2007… | mailing-listx_refsource_MLIST |
Date Public
2007-12-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004736.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mongrel.rubyforge.org/news.html"
},
{
"name": "27133",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27133"
},
{
"name": "28323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28323"
},
{
"name": "39866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39866"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "[Mongrel] 20071229 Regarding the 1.1.3 security release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004742.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "[Mongrel] [SECURITY] Must Fix This Now! (Re: Arbitrary system files readable in 1.0.4 - 1.1.2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html"
},
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (\".%252e\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004736.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mongrel.rubyforge.org/news.html"
},
{
"name": "27133",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27133"
},
{
"name": "28323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28323"
},
{
"name": "39866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39866"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "[Mongrel] 20071229 Regarding the 1.1.3 security release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004742.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "[Mongrel] [SECURITY] Must Fix This Now! (Re: Arbitrary system files readable in 1.0.4 - 1.1.2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html"
},
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (\".%252e\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"refsource": "MLIST",
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004736.html"
},
{
"name": "http://mongrel.rubyforge.org/news.html",
"refsource": "CONFIRM",
"url": "http://mongrel.rubyforge.org/news.html"
},
{
"name": "27133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27133"
},
{
"name": "28323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28323"
},
{
"name": "39866",
"refsource": "OSVDB",
"url": "http://osvdb.org/39866"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "[Mongrel] 20071229 Regarding the 1.1.3 security release",
"refsource": "MLIST",
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004742.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "[Mongrel] [SECURITY] Must Fix This Now! (Re: Arbitrary system files readable in 1.0.4 - 1.1.2)",
"refsource": "MLIST",
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html"
},
{
"name": "[Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2",
"refsource": "MLIST",
"url": "http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6612",
"datePublished": "2008-01-03T22:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0177 (GCVE-0-2008-0177)
Vulnerability from cvelistv5 – Published: 2008-02-07 21:00 – Updated: 2024-08-07 07:39
VLAI
EPSS
Summary
The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2008-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28816",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28816"
},
{
"name": "ADV-2008-0688",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0688"
},
{
"name": "ADV-2008-0441",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
},
{
"name": "27642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27642"
},
{
"name": "28788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28788"
},
{
"name": "FreeBSD-SA-08:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "29130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29130"
},
{
"name": "28979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28979"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "1019314",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019314"
},
{
"name": "VU#110947",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/110947"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
},
{
"name": "5191",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "28816",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28816"
},
{
"name": "ADV-2008-0688",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0688"
},
{
"name": "ADV-2008-0441",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
},
{
"name": "27642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27642"
},
{
"name": "28788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28788"
},
{
"name": "FreeBSD-SA-08:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "29130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29130"
},
{
"name": "28979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28979"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "1019314",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019314"
},
{
"name": "VU#110947",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/110947"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
},
{
"name": "5191",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28816"
},
{
"name": "ADV-2008-0688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0688"
},
{
"name": "ADV-2008-0441",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0441"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
},
{
"name": "27642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27642"
},
{
"name": "28788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28788"
},
{
"name": "FreeBSD-SA-08:04",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "29130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29130"
},
{
"name": "28979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28979"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37",
"refsource": "CONFIRM",
"url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "1019314",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019314"
},
{
"name": "VU#110947",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/110947"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
},
{
"name": "5191",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-0177",
"datePublished": "2008-02-07T21:00:00.000Z",
"dateReserved": "2008-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:35.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1027 (GCVE-0-2008-1027)
Vulnerability from cvelistv5 – Published: 2008-06-02 14:00 – Updated: 2024-08-07 08:08
VLAI
EPSS
Summary
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.us-cert.gov/cas/techalerts/TA08-150A.html | third-party-advisoryx_refsource_CERT |
| http://securitytracker.com/id?1020130 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/30430 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2008/1697 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29490 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/29412 | vdb-entryx_refsource_BID |
Date Public
2008-05-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "macosx-afpserver-security-bypass(42703)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42703"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "1020130",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020130"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29490"
},
{
"name": "29412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "macosx-afpserver-security-bypass(42703)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42703"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "1020130",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020130"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29490"
},
{
"name": "29412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-afpserver-security-bypass(42703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42703"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "1020130",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020130"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29490"
},
{
"name": "29412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1027",
"datePublished": "2008-06-02T14:00:00.000Z",
"dateReserved": "2008-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1028 (GCVE-0-2008-1028)
Vulnerability from cvelistv5 – Published: 2008-06-02 14:00 – Updated: 2024-08-07 08:08
VLAI
EPSS
Summary
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1020131 | vdb-entryx_refsource_SECTRACK |
| http://www.us-cert.gov/cas/techalerts/TA08-150A.html | third-party-advisoryx_refsource_CERT |
| http://secunia.com/advisories/30430 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/29487 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1697 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29412 | vdb-entryx_refsource_BID |
Date Public
2008-05-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020131"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "macosx-appkit-code-execution(42705)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42705"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "29487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29487"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020131"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"name": "macosx-appkit-code-execution(42705)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42705"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "29487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29487"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020131",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020131"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "macosx-appkit-code-execution(42705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42705"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "29487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29487"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1028",
"datePublished": "2008-06-02T14:00:00.000Z",
"dateReserved": "2008-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:08:57.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…