The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP HP-UX

vulnerability note CVE-2016-1285 CVE-2016-1286 CVE-2016-2088

ISC BIND: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 10/03/2016.
Identifiers: bulletinjan2016, c05087821, CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, DSA-3511-1, FEDORA-2016-161b73fc2c, FEDORA-2016-364c0a9df4, FEDORA-2016-5047abe4a9, FEDORA-2016-b593e84223, FreeBSD-SA-16:13.bind, HPSBUX03583, openSUSE-SU-2016:0827-1, openSUSE-SU-2016:0830-1, openSUSE-SU-2016:0834-1, openSUSE-SU-2016:0859-1, RHSA-2016:0458-01, RHSA-2016:0459-01, RHSA-2016:0562-01, RHSA-2016:0601-01, SOL62012529, SSA:2016-069-01, SSRT110084, SUSE-SU-2016:0759-1, SUSE-SU-2016:0780-1, SUSE-SU-2016:0825-1, USN-2925-1, VIGILANCE-VUL-19144.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via rndc, in order to trigger a denial of service. [severity:2/4; CVE-2016-1285]

An attacker can force an assertion error via DNAME, in order to trigger a denial of service. [severity:3/4; CVE-2016-1286]

An attacker can force an assertion error via DNS Cookies, in order to trigger a denial of service. [severity:3/4; CVE-2016-2088]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2015-7560 CVE-2016-0771

Samba: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, HP-UX, DB2 UDB, openSUSE, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 08/03/2016.
Identifiers: 1986595, c05121842, CERTFR-2016-AVI-084, CVE-2015-7560, CVE-2016-0771, DSA-3514-1, FEDORA-2016-cad77a4576, FEDORA-2016-ed1587f6ba, HPSBUX03596, openSUSE-SU-2016:0813-1, openSUSE-SU-2016:0877-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0448-01, RHSA-2016:0449-01, SSA:2016-068-02, SUSE-SU-2016:0814-1, SUSE-SU-2016:0816-1, SUSE-SU-2016:0837-1, SUSE-SU-2016:0905-1, USN-2922-1, VIGILANCE-VUL-19118.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can create a symbolic link, in order to alter ACLs. [severity:2/4; CVE-2015-7560]

An attacker can force a read at an invalid address with a DNS TXT record sent to the internal DNS server in AD DC mode, in order to trigger a denial of service. [severity:2/4; CVE-2016-0771]

computer vulnerability note CVE-2016-0763

Apache Tomcat: read-write access via setGlobalContext

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious web application on the service, can bypass access restrictions via setGlobalContext of Apache Tomcat, in order to read or alter data.
Impacted products: Tomcat, Debian, Fedora, SiteScope, HP-UX, openSUSE Leap, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, c05150442, c05324755, cpuapr2017, CVE-2016-0763, DSA-3530-1, DSA-3552-1, DSA-3609-1, FEDORA-2016-e6651efbaf, HPSBGN03669, HPSBUX03606, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, USN-3024-1, VIGILANCE-VUL-18999.

Description of the vulnerability

The Apache Tomcat product can execute a web application from an untrusted source with a Security Manager.

However, a malicious application can use ResourceLinkFactory.setGlobalContext() to inject a context into another application and access its data.

An attacker, who is allowed to upload a malicious web application on the service, can therefore bypass access restrictions via setGlobalContext of Apache Tomcat, in order to read or alter data.

computer vulnerability bulletin CVE-2016-0714

Apache Tomcat: code execution via PersistentManager

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious web application on the service, can use the PersistentManager of Apache Tomcat, in order to run code.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, HP-UX, QRadar SIEM, openSUSE Leap, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, 1983989, c05054964, c05150442, cpuapr2017, CVE-2016-0714, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03561, HPSBUX03606, K30971148, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2045-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, SOL30971148, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0839-1, USN-3024-1, VIGILANCE-VUL-18998.

Description of the vulnerability

The Apache Tomcat product can execute a web application from an untrusted source with a Security Manager.

However, a malicious application can use PersistentManager to store an object in a session, and thus execute code.

An attacker, who is allowed to upload a malicious web application on the service, can therefore use the PersistentManager of Apache Tomcat, in order to run code.

computer vulnerability announce CVE-2016-0706

Apache Tomcat: information disclosure via StatusManagerServlet

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious web application on the service, can use a vulnerability in StatusManagerServlet of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, HP-UX, QRadar SIEM, openSUSE Leap, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, 1983989, c05054964, c05150442, cpuapr2017, CVE-2016-0706, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03561, HPSBUX03606, K30971148, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2045-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, SOL30971148, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0839-1, USN-3024-1, VIGILANCE-VUL-18997.

Description of the vulnerability

The Apache Tomcat product can execute a web application from an untrusted source with a Security Manager.

However, a malicious application can use StatusManagerServlet to obtain the content of HTTP queries being processed.

An attacker, who is allowed to upload a malicious web application on the service, can therefore use a vulnerability in StatusManagerServlet of Apache Tomcat, in order to obtain sensitive information.

computer vulnerability alert CVE-2015-5351

Apache Tomcat: Cross Site Request Forgery via Manager / Host Manager

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Apache Tomcat, in order to force the victim to perform operations.
Impacted products: Tomcat, Debian, HP-UX, openSUSE Leap, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, c05150442, cpuapr2017, CVE-2015-5351, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03606, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, USN-3024-1, VIGILANCE-VUL-18996.

Description of the vulnerability

The Apache Tomcat product offers a web service, usually protected against Cross Site Request Forgery attacks.

However, the CSRF token can be retrieved through a redirection in the index page of the Manager and Host Manager applications.

An attacker can therefore trigger a Cross Site Request Forgery of Apache Tomcat, in order to force the victim to perform operations.

computer vulnerability CVE-2015-5346

Apache Tomcat: session fixation via requestedSessionSSL

Synthesis of the vulnerability

An attacker can reuse the requestedSessionSSL value of Apache Tomcat, in order to access the TLS session of another user.
Impacted products: Tomcat, Debian, HP-UX, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, bulletinjan2016, c05150442, CVE-2015-5346, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03606, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2046-01, RHSA-2016:2807-01, RHSA-2016:2808-01, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, USN-3024-1, VIGILANCE-VUL-18995.

Description of the vulnerability

The Apache Tomcat product can recycle its Request object, to improve its performance.

However, the requestedSessionSSL field is not reinitialized. In some special configurations, an attacker can thus set the TLS session identifier to access the session of another user.

An attacker can therefore reuse the requestedSessionSSL value of Apache Tomcat, in order to access the TLS session of another user.

vulnerability note CVE-2015-5345

Apache Tomcat: information disclosure via Security Constraint

Synthesis of the vulnerability

An attacker can use a vulnerability in the management of Security Constraints on Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, HP-UX, QRadar SIEM, McAfee Web Gateway, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 22/02/2016.
Identifiers: 1980693, 1983989, c05054964, c05150442, CVE-2015-5345, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03561, HPSBUX03606, K30971148, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2045-01, RHSA-2016:2599-02, SA118, SB10156, SOL30971148, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0839-1, USN-3024-1, VIGILANCE-VUL-18994.

Description of the vulnerability

The Apache Tomcat product can protect a directory with a Security Constraint.

However, if the URL associated with the Security Constraint does not end with a '/', the attacker receives a redirection response, and can thus detect whether the directory exists.

An attacker can therefore use a vulnerability in the management of Security Constraints on Apache Tomcat, in order to obtain sensitive information.

vulnerability bulletin CVE-2015-5174

Apache Tomcat: directory traversal of ServletContext

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious web application on the service, can traverse directories in ServletContext of Apache Tomcat, in order to read the content of a directory outside the service root path.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, HP-UX, QRadar SIEM, Tivoli Directory Server, openSUSE Leap, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 22/02/2016.
Identifiers: 1980693, 1981632, 1983989, bulletinjan2016, c05054964, c05150442, CVE-2015-5174, DSA-3530-1, DSA-3552-1, DSA-3609-1, HPSBUX03561, HPSBUX03606, K30971148, openSUSE-SU-2016:0865-1, RHSA-2016:1432-01, RHSA-2016:1433-01, RHSA-2016:1434-01, RHSA-2016:1435-01, RHSA-2016:2045-01, RHSA-2016:2599-02, SOL30971148, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0839-1, USN-3024-1, VIGILANCE-VUL-18993.

Description of the vulnerability

The Apache Tomcat product can execute a web application from an untrusted source with a Security Manager.

However, the getResource(), getResourceAsStream() and getResourcePaths() methods of ServletContext insert user-supplied data directly into an access path. Sequences such as "/.." can thus be used by the web application to reach the parent directory.

An attacker, who is allowed to upload a malicious web application on the service, can therefore traverse directories in ServletContext of Apache Tomcat, in order to read the content of a directory outside the service root path.

computer vulnerability announce CVE-2014-9293 CVE-2014-9294 CVE-2014-9295

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Unified CCX, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Juniper J-Series, JUNOS, Junos Space, NSMXpress, MBS, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, Oracle Communications, Solaris, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 19/12/2014.
Revision date: 17/02/2016.
Identifiers: c04554677, c04574882, c04916783, CERTFR-2014-AVI-537, CERTFR-2014-AVI-538, CERTFR-2016-AVI-148, cisco-sa-20141222-ntpd, cpuoct2016, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, DSA-3108-1, FEDORA-2014-17361, FEDORA-2014-17367, FEDORA-2014-17395, FreeBSD-SA-14:31.ntp, HPSBHF03432, HPSBPV03266, HPSBUX03240, JSA10663, MBGSA-1405, MDVSA-2015:003, MDVSA-2015:140, NetBSD-SA2015-003, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1680-1, RHSA-2014:2024-01, RHSA-2014:2025-01, RHSA-2015:0104-01, sk103825, SOL15933, SOL15934, SOL15935, SOL15936, SSA:2014-356-01, SSA-671683, SSRT101872, SUSE-SU-2014:1686-1, SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1690-1, SUSE-SU-2015:0259-1, SUSE-SU-2015:0259-2, SUSE-SU-2015:0259-3, SUSE-SU-2015:0274-1, SUSE-SU-2015:0322-1, USN-2449-1, VIGILANCE-VUL-15867, VN-2014-005, VU#852879.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can predict the default key generated by config_auth(), in order to bypass the authentication. [severity:2/4; CVE-2014-9293]

An attacker can predict the key generated by ntp-keygen, in order to decrypt sessions. [severity:2/4; CVE-2014-9294]

An attacker can generate a buffer overflow in crypto_recv(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in ctl_putdata(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in configure(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger an error in receive(), which is not detected. [severity:1/4; CVE-2014-9296]