The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Business Availability Center

computer threat alert CVE-2012-3255 CVE-2012-3256 CVE-2012-3257

HP Business Availability Center: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of the web interface of HP Business Availability Center.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/09/2012.
Identifiers: BID-55444, c03475750, CERTA-2012-AVI-488, CVE-2012-3255, CVE-2012-3256, CVE-2012-3257, HPSBMU02811, SSRT100937, VIGILANCE-VUL-11921.

Description of the vulnerability

An attacker can use three vulnerabilities of the web interface of HP Business Availability Center.

An attacker can generate a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2012-3255]

An attacker can generate a Cross Site Request Forgery, in order to perform actions on the web site on behalf of a user. [severity:2/4; CVE-2012-3256]

An attacker can steal the web session of a user, in order to perform actions under that user's account. [severity:2/4; CVE-2012-3257]

computer weakness note CVE-2012-0132

HP Business Availability Center: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 04/04/2012.
Identifiers: BID-52880, c03242623, CERTA-2012-AVI-194, CVE-2012-0132, HPSBMU02749, SSRT100793, VIGILANCE-VUL-11520.

Description of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.

weakness note CVE-2011-1856

HP BAC: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center.
Severity: 2/4.
Creation date: 16/05/2011.
Identifiers: BID-47846, c02823184, CERTA-2011-AVI-300, CVE-2011-1856, HPSBMA02681, SSRT100493, VIGILANCE-VUL-10657.

Description of the vulnerability

The HP BAC (Business Availability Center) product can be used to administer a service.

An attacker can generate a Cross Site Scripting in HP Business Availability Center.

cybersecurity threat CVE-2010-4476

Java JRE: denial of service via a real

Synthesis of the vulnerability

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs.
Severity: 3/4.
Creation date: 02/02/2011.
Identifiers: 1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321.

Description of the vulnerability

The number 2.2250738585072011e-308 is the "largest subnormal double number" (in base 2: 0x0fffffffffffff x 2^-1022).

On an x86 processor, the Java JRE uses x87 FPU registers (80-bit), in order to find bit-after-bit the closest real value. This loop stops when the remainder is smaller than the precision. However, with the number 2.225..., this stop condition is never true (80 bits rounded to 64 bits), and an infinite loop occurs.

An attacker can therefore use a special double floating point number, in order to create an infinite loop in Java programs.

The origin of this vulnerability is the same as VIGILANCE-VUL-10257.

computer vulnerability announce CVE-2011-0274

HP BAC, BSM: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.
Severity: 2/4.
Creation date: 21/01/2011.
Identifiers: BID-45944, c02678501, CERTA-2011-AVI-035, CVE-2011-0274, HPSBMA02622, SSRT100342, VIGILANCE-VUL-10289.

Description of the vulnerability

The HP BAC (Business Availability Center) and HP BSM (Business Service Management) products can be used to administer a service.

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.

security alert CVE-2010-1452

Apache httpd: denial of service of mod_cache and mod_dav

Synthesis of the vulnerability

An attacker can use a special uri, in order to create a denial of service in mod_cache and mod_dav.
Severity: 2/4.
Creation date: 26/07/2010.
Identifiers: 966349, BID-41963, c02579879, c03236227, CERTA-2011-AVI-493, CVE-2010-1452, DSA-2298-1, DSA-2298-2, FEDORA-2010-12478, HPSBMU02753, HPSBUX02612, MDVSA-2010:152, MDVSA-2010:153, RHSA-2010:0659-01, RHSA-2011:0896-01, RHSA-2011:0897-01, SSA:2010-240-02, SSRT100345, SSRT100782, SUSE-SU-2011:1000-1, SUSE-SU-2011:1215-1, VIGILANCE-VUL-9789.

Description of the vulnerability

The Apache httpd server uses the "parsed_uri" field of the "request_rec" structure to store the decoded uri:
  scheme://user:password@hostname:port_str/path?query
The "path" field of the apr_uri_t structure can be NULL if the uri is for example:
  scheme://user:password@hostname:port_str

However, the mod_cache and mod_dav modules do not check this case, and dereference a NULL pointer.

The mod_cache module is only impacted if the CacheIgnoreURLSessionIdentifiers directive is used. The attacker has to be authenticated on mod_dav in order to exploit the vulnerability.

An attacker can therefore use a special uri, in order to create a denial of service in mod_cache and mod_dav.

security alert CVE-2010-0738 CVE-2010-1428 CVE-2010-1429

JBoss Enterprise Application Platform: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of JBoss Enterprise Application Platform, in order to access the console or to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/04/2010.
Identifiers: BID-39710, c03057508, c03127140, c03824583, CA20130213-01, CERTA-2013-AVI-440, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, HPSBMU02714, HPSBMU02736, HPSBMU02894, RHSA-2010:0376-01, RHSA-2010:0377-01, RHSA-2010:0378-01, RHSA-2010:0379-01, SSRT100244, SSRT100699, VIGILANCE-VUL-9613.

Description of the vulnerability

Three vulnerabilities were announced in JBoss Enterprise Application Platform.

An attacker can use an HTTP query different from GET/POST in order to access the JMX Console. [severity:3/4; CVE-2010-0738]

An attacker can use an HTTP query different from GET/POST in order to access the Web Console (/web-console). [severity:3/4; CVE-2010-1428]

An attacker can access the status servlet, in order to obtain sensitive information. [severity:2/4; CVE-2010-1429]

security note CVE-2009-2699

Apache httpd: denial of service under Solaris

Synthesis of the vulnerability

An attacker can open several sessions when Apache httpd is installed under Solaris, in order to stop it.
Severity: 2/4.
Creation date: 06/10/2009.
Identifiers: 47645, BID-36596, c03236227, CVE-2009-2699, DSA-2019-131, HPSBMU02753, SSRT100782, VIGILANCE-VUL-9074.

Description of the vulnerability

The port_getn() function is used to obtain information on events related to a port (multiplexed queue).

Under Solaris, this function can return the ETIME error, when a concurrent access occurs. However, the poll/unix/port.c file of Apache APR does not handle this error, which creates a deadlock.

An attacker can therefore open several parallel sessions when Apache httpd is installed under Solaris, in order to stop it.

computer weakness announce CVE-2009-3095

Apache httpd: sending FTP commands via mod_proxy_ftp

Synthesis of the vulnerability

An authenticated attacker can use mod_proxy_ftp to send FTP commands to a remote FTP server.
Severity: 1/4.
Creation date: 22/09/2009.
Identifiers: c02160663, c03236227, CVE-2009-3095, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-9038.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

To authenticate on a remote FTP server, the proxy user can:
 - add "user:pass" in the url, or
 - add an Authorization header containing "Basic base64(user:pass)"
The proxy_ftp_handler() function of the modules/proxy/mod_proxy_ftp.c file extracts the login and the password. However, it does not check if the password coming from the Authorization header contains line feeds.

An attacker can for example use:
  Authorization: Basic base64(user:pass\r\ncwd /)
in order to change the current directory.

An authenticated attacker can thus use mod_proxy_ftp to send FTP commands to a remote FTP server.
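The missing check described above can be written as follows. This is an added example, not the Apache httpd code or its patch; the function names b64_decode and ftp_basic_credentials_ok are hypothetical, and the policy of rejecting every control character is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Minimal base64 decoder (standard alphabet); returns length or -1. */
static int b64_decode(const char *in, unsigned char *out, size_t outsz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    if (outsz == 0) return -1;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL)
            return -1;                 /* character outside the alphabet */
        acc = (acc << 6) | (unsigned int)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= outsz)
                return -1;             /* keep room for the terminator */
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 if the decoded "user:pass" is safe to copy into FTP USER/PASS
 * commands, 0 otherwise. On success, *user and *pass point into buf. */
int ftp_basic_credentials_ok(const char *b64, char *buf, size_t bufsz,
                             char **user, char **pass)
{
    int i, len = b64_decode(b64, (unsigned char *)buf, bufsz);
    char *colon;
    if (len <= 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (c < 0x20 || c == 0x7F)
            return 0;                  /* CR, LF, NUL and other controls */
    }
    colon = strchr(buf, ':');
    if (colon == NULL)
        return 0;
    *colon = '\0';
    *user = buf;
    *pass = colon + 1;
    return 1;
}
```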

computer weakness announce CVE-2009-3094

Apache httpd: denial of service via mod_proxy_ftp

Synthesis of the vulnerability

A malicious FTP server can stop the mod_proxy_ftp module of Apache httpd.
Severity: 2/4.
Creation date: 03/09/2009.
Identifiers: BID-36260, c02160663, c03236227, CVE-2009-3094, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-8994.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

The PASV and EPSV (RFC 2428) commands ask the FTP server to reserve a port to transfer data in passive mode. The server then answers:
  PASV : 227 Entering Passive Mode. IP1,IP2,IP3,IP4,port1,port2
  EPSV : 229 Entering Extended Passive Mode (|||port|)
The proxy has to parse these lines in order to extract the port number.

However, if the FTP server only returns the code 227 or 229 (not followed by a space), the ap_proxy_ftp_handler() function of the modules/proxy/[mod_]proxy_ftp.c file dereferences a NULL pointer.

A malicious FTP server can therefore invite the victim to connect (via an image on a web page for example), in order to stop the mod_proxy_ftp module of Apache httpd.
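A parser for the two reply formats above that rejects a bare 227 or 229 instead of dereferencing a missing remainder can look like this. It is an added example, not the Apache httpd code or its patch; the names next_field and ftp_passive_port are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Read one decimal field (<= max) at *s and advance *s past it. */
static int next_field(const char **s, unsigned long max, unsigned long *out)
{
    char *end;
    if (!isdigit((unsigned char)**s))
        return 0;
    errno = 0;
    *out = strtoul(*s, &end, 10);
    if (errno != 0 || *out > max)
        return 0;
    *s = end;
    return 1;
}

/* Data port from a 227 (PASV) or 229 (EPSV) reply, or -1 if malformed. */
int ftp_passive_port(const char *reply)
{
    unsigned long f[6];
    const char *p;
    int i;
    /* A bare "227" or "229" has nothing after the code: reject it first. */
    if (reply == NULL || strlen(reply) < 5 || reply[3] != ' ')
        return -1;
    if (strncmp(reply, "227", 3) == 0) {
        p = reply + 4;
        p += strcspn(p, "0123456789");      /* skip the free text */
        for (i = 0; i < 6; i++) {
            if ((i > 0 && *p++ != ',') || !next_field(&p, 255, &f[i]))
                return -1;
        }
        return (int)(f[4] * 256 + f[5]);
    }
    if (strncmp(reply, "229", 3) == 0) {
        p = strstr(reply + 4, "(|||");
        if (p == NULL)
            return -1;
        p += 4;
        if (!next_field(&p, 65535, &f[0]) || f[0] == 0)
            return -1;
        return strncmp(p, "|)", 2) == 0 ? (int)f[0] : -1;
    }
    return -1;
}
```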