The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP Business Availability Center

vulnerability alert CVE-2012-3255 CVE-2012-3256 CVE-2012-3257

HP Business Availability Center: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit three vulnerabilities in the web interface of HP Business Availability Center.
Impacted products: HPE BAC, OpenView.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/09/2012.
Identifiers: BID-55444, c03475750, CERTA-2012-AVI-488, CVE-2012-3255, CVE-2012-3256, CVE-2012-3257, HPSBMU02811, SSRT100937, VIGILANCE-VUL-11921.

Description of the vulnerability

An attacker can exploit three vulnerabilities in the web interface of HP Business Availability Center.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2012-3255]

An attacker can trigger a Cross Site Request Forgery, in order to perform actions on the web site on behalf of a user. [severity:2/4; CVE-2012-3256]

An attacker can steal the web session of a user, in order to perform actions under that user's account. [severity:2/4; CVE-2012-3257]

vulnerability CVE-2012-0132

HP Business Availability Center: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.
Impacted products: HPE BAC.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/04/2012.
Identifiers: BID-52880, c03242623, CERTA-2012-AVI-194, CVE-2012-0132, HPSBMU02749, SSRT100793, VIGILANCE-VUL-11520.

Description of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.

computer vulnerability announce CVE-2011-1856

HP BAC: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center.
Impacted products: HPE BAC.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/05/2011.
Identifiers: BID-47846, c02823184, CERTA-2011-AVI-300, CVE-2011-1856, HPSBMA02681, SSRT100493, VIGILANCE-VUL-10657.

Description of the vulnerability

The HP BAC (Business Availability Center) product can be used to administer a service.

An attacker can generate a Cross Site Scripting in HP Business Availability Center.

vulnerability alert CVE-2010-4476

Java JRE: denial of service via a real number

Synthesis of the vulnerability

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs.
Impacted products: Debian, Fedora, HPE BAC, HPE NNMi, OpenView, OpenView NNM, Tru64 UNIX, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, JBoss AS OpenSource, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/02/2011.
Identifiers: 1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321.

Description of the vulnerability

The number 2.2250738585072011e-308 is the "largest subnormal double number" (in base 2: 0x0fffffffffffff x 2^-1022).

On an x86 processor, the Java JRE uses x87 FPU registers (80 bit), in order to find bit by bit the closest real value. This loop stops when the remainder is smaller than the precision. However, with the number 2.225..., this stop condition is never true (80 bit rounded to 64 bit), and an infinite loop occurs.

An attacker can therefore use a special double floating point number, in order to create an infinite loop in Java programs.

The origin of this vulnerability is the same as VIGILANCE-VUL-10257.

computer vulnerability note CVE-2011-0274

HP BAC, BSM: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.
Impacted products: HPE BAC, HPE BSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/01/2011.
Identifiers: BID-45944, c02678501, CERTA-2011-AVI-035, CVE-2011-0274, HPSBMA02622, SSRT100342, VIGILANCE-VUL-10289.

Description of the vulnerability

The HP BAC (Business Availability Center) and HP BSM (Business Service Management) products can be used to administer a service.

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.

computer vulnerability note CVE-2010-1452

Apache httpd: denial of service of mod_cache and mod_dav

Synthesis of the vulnerability

An attacker can use a special uri, in order to create a denial of service in mod_cache and mod_dav.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, OpenSolaris, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 26/07/2010.
Identifiers: 966349, BID-41963, c02579879, c03236227, CERTA-2011-AVI-493, CVE-2010-1452, DSA-2298-1, DSA-2298-2, FEDORA-2010-12478, HPSBMU02753, HPSBUX02612, MDVSA-2010:152, MDVSA-2010:153, RHSA-2010:0659-01, RHSA-2011:0896-01, RHSA-2011:0897-01, SSA:2010-240-02, SSRT100345, SSRT100782, SUSE-SU-2011:1000-1, SUSE-SU-2011:1215-1, VIGILANCE-VUL-9789.

Description of the vulnerability

The Apache httpd server uses the "parsed_uri" field of the "request_rec" structure to store the decoded uri:
  scheme://user:password@hostname:port_str/path?query
The "path" field of the apr_uri_t structure can be NULL if the uri is for example:
  scheme://user:password@hostname:port_str

However, the mod_cache and mod_dav modules do not check this case, and dereference a NULL pointer.

The mod_cache module is only impacted if the CacheIgnoreURLSessionIdentifiers directive is used. The attacker has to be authenticated on mod_dav in order to exploit the vulnerability.

An attacker can therefore use a special uri, in order to create a denial of service in mod_cache and mod_dav.

vulnerability bulletin CVE-2010-0738 CVE-2010-1428 CVE-2010-1429

JBoss Enterprise Application Platform: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit three vulnerabilities in JBoss Enterprise Application Platform, in order to access the console or to obtain sensitive information.
Impacted products: ControlMinder, HPE BAC, HPE BSM, HPE NNMi, Junos Space, Junos Space Network Management Platform, RHEL, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/04/2010.
Identifiers: BID-39710, c03057508, c03127140, c03824583, CA20130213-01, CERTA-2013-AVI-440, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, HPSBMU02714, HPSBMU02736, HPSBMU02894, RHSA-2010:0376-01, RHSA-2010:0377-01, RHSA-2010:0378-01, RHSA-2010:0379-01, SSRT100244, SSRT100699, VIGILANCE-VUL-9613.

Description of the vulnerability

Three vulnerabilities were announced in JBoss Enterprise Application Platform.

An attacker can use an HTTP request with a method other than GET/POST, in order to access the JMX Console. [severity:3/4; CVE-2010-0738]

An attacker can use an HTTP request with a method other than GET/POST, in order to access the Web Console (/web-console). [severity:3/4; CVE-2010-1428]

An attacker can access the status servlet, in order to obtain sensitive information. [severity:2/4; CVE-2010-1429]

vulnerability note CVE-2009-2699

Apache httpd: denial of service under Solaris

Synthesis of the vulnerability

An attacker can open several sessions when Apache httpd is installed under Solaris, in order to stop it.
Impacted products: Apache httpd, VNX Operating Environment, VNX Series, HPE BAC, OpenSolaris.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/10/2009.
Identifiers: 47645, BID-36596, c03236227, CVE-2009-2699, DSA-2019-131, HPSBMU02753, SSRT100782, VIGILANCE-VUL-9074.

Description of the vulnerability

The port_getn() function is used to obtain information on events related to a port (multiplexed queue).

Under Solaris, this function can return the ETIME error, when a concurrent access occurs. However, the poll/unix/port.c file of Apache APR does not handle this error, which creates a deadlock.

An attacker can therefore open several parallel sessions when Apache httpd is installed under Solaris, in order to stop it.

computer vulnerability bulletin CVE-2009-3095

Apache httpd: sending FTP commands via mod_proxy_ftp

Synthesis of the vulnerability

An authenticated attacker can use mod_proxy_ftp to send FTP commands to a remote FTP server.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 22/09/2009.
Identifiers: c02160663, c03236227, CVE-2009-3095, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-9038.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

To authenticate on a remote FTP server, the proxy user can:
 - add "user:pass" in the url, or
 - add an Authorization header containing "Basic base64(user:pass)"
The proxy_ftp_handler() function of the modules/proxy/mod_proxy_ftp.c file extracts the login and the password. However, it does not check if the password coming from the Authorization header contains line feeds.

An attacker can for example use:
  Authorization: Basic base64(user:pass\r\ncwd /)
in order to change the current directory.

An authenticated attacker can thus use mod_proxy_ftp to send FTP commands to a remote FTP server.
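
The missing check described above, written as an added defensive example (not code from Apache httpd or its patch): the decoded Basic credential is refused if it contains any control byte before it can be placed in FTP USER/PASS commands. The function name ftp_creds_from_basic(), the helper b64decode() and the buffer sizes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Decode base64 into out (NUL-terminated); returns byte count or -1. */
static int b64decode(const char *in, char *out, size_t outsz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0, bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p || n + 1 >= outsz) return -1;
        acc = (acc << 6) | (unsigned int)(p - tbl);
        if ((bits += 6) >= 8)
            out[n++] = (char)((acc >> (bits -= 8)) & 0xFF);
    }
    out[n] = '\0';
    return (int)n;
}

/* Split a "Basic <base64>" header value into user and pass (each sz bytes).
 * Returns 0 if usable in FTP USER/PASS commands, -1 if it must be refused. */
int ftp_creds_from_basic(const char *hdr, char *user, char *pass, size_t sz)
{
    char buf[256], *colon;
    int i, len;
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    if ((len = b64decode(hdr + 6, buf, sizeof buf)) <= 0) return -1;
    /* FTP commands are CRLF-terminated lines, so any control byte (CR, LF,
     * embedded NUL) in the decoded value could end the command early. */
    for (i = 0; i < len; i++)
        if ((unsigned char)buf[i] < 0x20 || buf[i] == 0x7f) return -1;
    if (!(colon = strchr(buf, ':'))) return -1;
    *colon++ = '\0';
    if (strlen(buf) >= sz || strlen(colon) >= sz) return -1;
    strcpy(user, buf);
    strcpy(pass, colon);
    return 0;
}

int main(void)
{
    char u[64], p[64];
    /* Constructed sample: base64 of "user:pass". */
    int rc = ftp_creds_from_basic("Basic dXNlcjpwYXNz", u, p, sizeof u);
    printf("rc=%d user=%s\n", rc, rc == 0 ? u : "-");
    return 0;
}
```

The check runs on the decoded bytes, since the base64 text itself never contains CR or LF.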

vulnerability note CVE-2009-3094

Apache httpd: denial of service via mod_proxy_ftp

Synthesis of the vulnerability

A malicious FTP server can stop the mod_proxy_ftp module of Apache httpd.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 03/09/2009.
Identifiers: BID-36260, c02160663, c03236227, CVE-2009-3094, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-8994.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

The PASV and EPSV (RFC 2428) commands ask the FTP server to reserve a port to transfer data in passive mode. The server then answers:
  PASV : 227 Entering Passive Mode. IP1,IP2,IP3,IP4,port1,port2
  EPSV : 229 Entering Extended Passive Mode (|||port|)
The proxy has to parse these lines in order to extract the port number.

However, if the FTP server only returns the code 227 or 229 (not followed by a space), the ap_proxy_ftp_handler() function of the modules/proxy/[mod_]proxy_ftp.c file dereferences a NULL pointer.

A malicious FTP server can therefore invite the victim to connect (via an image on a web page for example), in order to stop the mod_proxy_ftp module of Apache httpd.
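
A defensive parser for the two reply forms above, as an added example (not the code of mod_proxy_ftp or its fix): it returns the announced port and rejects a reply that carries only the code 227 or 229 instead of dereferencing a missing argument. The function name ftp_passive_port() and the sample reply lines are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the data port announced by a PASV (227) or EPSV (229) reply line,
 * or -1 if the line is malformed, including a bare "227" or "229". */
int ftp_passive_port(const char *line)
{
    unsigned int h1, h2, h3, h4, p1, p2;
    unsigned long port;
    const char *p;
    char *end;

    if (strncmp(line, "227", 3) == 0) {
        /* Skip the free text up to the first digit of the address tuple;
         * a bare code leaves p on the terminator and sscanf matches nothing. */
        p = line + 3;
        p += strcspn(p, "0123456789");
        if (sscanf(p, "%3u,%3u,%3u,%3u,%3u,%3u",
                   &h1, &h2, &h3, &h4, &p1, &p2) != 6)
            return -1;
        if (h1 > 255 || h2 > 255 || h3 > 255 || h4 > 255 || p1 > 255 || p2 > 255)
            return -1;
        port = p1 * 256UL + p2;
    } else if (strncmp(line, "229", 3) == 0) {
        /* RFC 2428 form: (<d><d><d>port<d>), with <d> usually '|'. */
        p = strchr(line + 3, '(');
        if (p == NULL)                     /* no argument after the code */
            return -1;
        if (p[1] == '\0' || p[2] != p[1] || p[3] != p[1])
            return -1;
        if (p[4] < '0' || p[4] > '9')
            return -1;
        port = strtoul(p + 4, &end, 10);
        if (*end != p[1])
            return -1;
    } else {
        return -1;
    }
    return (port >= 1 && port <= 65535) ? (int)port : -1;
}

int main(void)
{
    /* Constructed reply lines, not captured from a real server. */
    printf("%d\n", ftp_passive_port("227 Entering Passive Mode (10,0,0,5,19,137)"));
    printf("%d\n", ftp_passive_port("229"));
    return 0;
}
```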