The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE NNMi

vulnerability note CVE-2012-3546

Apache Tomcat: authentication bypass via URL mangling

Synthesis of the vulnerability

An attacker who must go through authentication via a form, can append /j_security_check to to URL, in order to bypass the authentication process.
Severity: 2/4.
Creation date: 05/12/2012.
Identifiers: BID-56812, c03734195, c03824583, CERTA-2012-AVI-706, CERTA-2013-AVI-145, CERTA-2013-AVI-440, CERTFR-2014-AVI-112, CVE-2012-3546, DSA-2725-1, FEDORA-2012-20151, HPSBMU02894, HPSBUX02866, openSUSE-SU-2012:1700-1, openSUSE-SU-2012:1701-1, openSUSE-SU-2013:0147-1, RHSA-2013:0004-01, RHSA-2013:0005-01, RHSA-2013:0146-01, RHSA-2013:0147-01, RHSA-2013:0151-01, RHSA-2013:0157-01, RHSA-2013:0158-01, RHSA-2013:0162-01, RHSA-2013:0163-01, RHSA-2013:0164-01, RHSA-2013:0191-01, RHSA-2013:0192-01, RHSA-2013:0193-01, RHSA-2013:0194-01, RHSA-2013:0195-01, RHSA-2013:0196-01, RHSA-2013:0197-01, RHSA-2013:0198-01, RHSA-2013:0221-01, RHSA-2013:0235-01, RHSA-2013:0623-01, RHSA-2013:0640-01, RHSA-2013:0641-01, RHSA-2013:0642-01, SSRT101139, VIGILANCE-VUL-12208.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The URL suffix /j_security_check has a special meaningful in the authentication process with a form.

Some Tomcat components other than the one in charge of password check can define the account used to validate accesses for the remote user (the principal). However, when the requested URL has this special suffix, these assignments badly interact with the desire that access to the error pages and login form are always granted, which leads to premature termination of the credentials validation.

An attacker who must go through authentication via a form, can append /j_security_check to to URL, in order to bypass the authentication process.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2012-3267

HP NNMi: information disclosure

Synthesis of the vulnerability

An attacker can use a vulnerability of HP Network Node Manager i, in order to obtain information.
Severity: 1/4.
Creation date: 04/10/2012.
Identifiers: BID-55773, c03507708, CERTA-2012-AVI-547, CVE-2012-3267, HPSBMU02817, SSRT100950, VIGILANCE-VUL-11994.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability of HP Network Node Manager i, in order to obtain information.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2012-2022

HP NNMi: Cross Site Scripting

Synthesis of the vulnerability

An attacker can use several Cross Site Scripting of HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/08/2012.
Identifiers: BID-54815, c03405705, CERTA-2012-AVI-423, CVE-2012-2022, HPSBMU02798, SSRT100908, VIGILANCE-VUL-11822.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several Cross Site Scripting of HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2012-2018

HP NNMi: Cross Site Scripting

Synthesis of the vulnerability

An attacker can use several Cross Site Scripting of HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 02/07/2012.
Identifiers: BID-54261, c03343724, CERTA-2012-AVI-362, CVE-2012-2018, HPSBMU02783, SSRT100806, VIGILANCE-VUL-11734.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several Cross Site Scripting of HP Network Node Manager i, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2011-4858

Tomcat, JBoss: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/02/2012.
Identifiers: BID-51200, c03183543, c03231290, c03824583, CERTA-2012-AVI-479, CERTA-2013-AVI-440, CVE-2011-4084-REJECT, CVE-2011-4858, DSA-2401-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-7258, FEDORA-2012-7593, HPSBMU02747, HPSBMU02894, HPSBUX02741, openSUSE-SU-2012:0103-1, RHSA-2012:0041-01, RHSA-2012:0074-01, RHSA-2012:0075-01, RHSA-2012:0076-01, RHSA-2012:0077-01, RHSA-2012:0078-01, RHSA-2012:0089-01, RHSA-2012:0091-01, RHSA-2012:0325-01, RHSA-2012:0406-01, RHSA-2012:0474-01, RHSA-2012:0475-01, RHSA-2012:0679-01, RHSA-2012:0680-01, RHSA-2012:0681-01, RHSA-2012:0682-01, SSRT100728, SSRT100771, VIGILANCE-VUL-11383, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013, VMSA-2012-0013.1.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability impacts Tomcat.

In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for Tomcat were moved here.
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert CVE-2011-3563 CVE-2011-3571 CVE-2011-5035

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 15/02/2012.
Identifiers: BID-52009, BID-52010, BID-52011, BID-52012, BID-52013, BID-52014, BID-52015, BID-52016, BID-52017, BID-52018, BID-52019, BID-52020, BID-52161, c03254184, c03266681, c03316985, c03350339, c03358587, c03405642, CERTA-2012-AVI-085, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CERTA-2012-AVI-479, CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0508, DSA-2420-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-1690, FEDORA-2012-1711, FEDORA-2012-1721, HPSBMU02797, HPSBMU02799, HPSBUX02757, HPSBUX02760, HPSBUX02777, HPSBUX02784, javacpufeb2012, MDVSA-2012:021, openSUSE-SU-2012:0309-1, PRE-SA-2012-01, RHSA-2012:0135-01, RHSA-2012:0139-01, RHSA-2012:0322-01, RHSA-2012:0508-01, RHSA-2012:0514-01, RHSA-2012:0702-01, RHSA-2012:1080-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100779, SSRT100805, SSRT100854, SSRT100867, SSRT100871, SUSE-SU-2012:0308-1, SUSE-SU-2012:0602-1, SUSE-SU-2012:0603-1, SUSE-SU-2012:0734-1, SUSE-SU-2012:0881-1, SUSE-SU-2012:1013-1, swg21632667, swg21632668, swg21633991, swg21633992, TPTI-12-01, TSL20120214-01, VIGILANCE-VUL-11368, VMSA-2012-0005.2, VMSA-2012-0005.4, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2012-0018.1, VMSA-2013-0003, ZDI-12-032, ZDI-12-037, ZDI-12-038, ZDI-12-039, ZDI-12-045, ZDI-12-060, ZDI-12-081, ZDI-12-082, ZDI-12-083.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52009, CVE-2012-0497]

An attacker can use a vulnerability of 2D (readMabCurveData nTblSize), in order to execute code. [severity:4/4; BID-52019, CVE-2012-0498, ZDI-12-032, ZDI-12-060]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52016, CVE-2012-0499]

An attacker can invite the vicim to open a malicious JNLP file, in order to execute code via Java Web Start Deployment. [severity:4/4; BID-52015, CVE-2012-0500, TSL20120214-01, ZDI-12-037, ZDI-12-039]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52010, CVE-2012-0508, ZDI-12-038]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-52020, CVE-2012-0504]

An attacker can use a vulnerability of Concurrency, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52161, CVE-2011-3571, CVE-2012-0507]

An attacker can use a vulnerability of I18n, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52018, CVE-2012-0503]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-52017, CVE-2012-0505]

An attacker can use a vulnerability of AWT, in order to obtain information, or to create a denial of service. [severity:3/4; BID-52011, CVE-2012-0502]

An attacker can use a vulnerability of Sound, in order to obtain information, or to create a denial of service. [severity:3/4; BID-52012, CERTA-2012-AVI-085, CVE-2011-3563]

An attacker can post HTTP data to Lightweight HTTP Server generating storage collisions, in order to overload a remote web server (VIGILANCE-VUL-11381). [severity:3/4; CVE-2011-5035]

An attacker can use a ZIP archive generating an infinite loop in the JRE. [severity:3/4; BID-52013, CVE-2012-0501, PRE-SA-2012-01]

An attacker can use a vulnerability of CORBA, in order to alter information. [severity:2/4; BID-52014, CVE-2012-0506]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2011-4155 CVE-2011-4156 CVE-2011-5184

HP NNMi: two Cross Site Scripting

Synthesis of the vulnerability

An attacker can create two Cross Site Scripting in HP Network Node Manager i.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/11/2011.
Revision date: 24/11/2011.
Identifiers: 0A29-11-1, BID-50635, BID-50806, c03035744, CERTA-2011-AVI-631, CVE-2011-4155, CVE-2011-4156, CVE-2011-5184, HPSBMU02708, SSRT100633, VIGILANCE-VUL-11151.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create two Cross Site Scripting in HP Network Node Manager i.

An attacker can execute JavaScript code in the context of the web site. [severity:2/4; CERTA-2011-AVI-631, CVE-2011-4155]

An attacker can execute JavaScript code in the context of the web site. [severity:2/4; CVE-2011-4156]
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2011-3389 CVE-2011-3516 CVE-2011-3521

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 20.
Creation date: 19/10/2011.
Identifiers: BID-49778, BID-50211, BID-50215, BID-50216, BID-50218, BID-50220, BID-50223, BID-50224, BID-50226, BID-50229, BID-50231, BID-50234, BID-50236, BID-50237, BID-50239, BID-50242, BID-50243, BID-50246, BID-50248, BID-50250, c03122753, c03266681, c03316985, c03358587, c03405642, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CERTA-2012-AVI-238, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, DSA-2356-1, DSA-2358-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, FEDORA-2011-14638, FEDORA-2011-14648, FEDORA-2011-15555, HPSBMU02797, HPSBMU02799, HPSBUX02730, HPSBUX02760, HPSBUX02777, javacpuoct2011, MDVSA-2011:170, openSUSE-SU-2011:1196-1, RHSA-2011:1380-01, RHSA-2011:1384-01, RHSA-2011:1478-01, RHSA-2012:0006-01, RHSA-2012:0034-01, RHSA-2012:0343-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100710, SSRT100805, SSRT100854, SSRT100867, SUSE-SU-2011:1298-1, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, VIGILANCE-VUL-11072, VMSA-2012-0003, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013.1, VU#864643, ZDI-11-305, ZDI-11-306, ZDI-11-307.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50211, CVE-2011-3548]

An attacker can use a vulnerability of Java IIOP Deserialization, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50215, CVE-2011-3521, ZDI-11-306]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50216, CVE-2011-3554]

An attacker can use a vulnerability of Rhino Javascript, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50218, CVE-2011-3544, ZDI-11-305]

An attacker can use a vulnerability of Sound MixerSequencer.nAddControllerEventCallback, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50220, CVE-2011-3545, ZDI-11-307]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50223, CVE-2011-3549]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50224, CVE-2011-3551]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50226, CVE-2011-3550]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-50229, CVE-2011-3516]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-50231, CVE-2011-3556]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-50234, CVE-2011-3557]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:3/4; BID-50236, CVE-2011-3560]

An attacker can use a vulnerability of Java Runtime Environment, in order to alter information, or to create a denial of service. [severity:3/4; BID-50237, CVE-2011-3555]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:3/4; BID-50239, CVE-2011-3546]

An attacker can use a vulnerability of HotSpot, in order to obtain information. [severity:2/4; BID-50242, CVE-2011-3558]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-50243, CERTA-2012-AVI-238, CVE-2011-3547]

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies (VIGILANCE-VUL-11014). [severity:1/4; BID-49778, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CVE-2011-3389, VU#864643]

An attacker can use a vulnerability of JAXWS, in order to obtain information. [severity:2/4; BID-50246, CVE-2011-3553]

An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack (VIGILANCE-VUL-11087). [severity:1/4; BID-50248, CVE-2011-3552]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:1/4; BID-50250, CVE-2011-3561]
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2011-1483

JBoss: denial of service via DTD recursion

Synthesis of the vulnerability

An attacker can send special XML data, in order to create a denial of service when they are analyzed by JBoss Web Services Native.
Severity: 2/4.
Creation date: 16/09/2011.
Identifiers: 692584, BID-49654, c03824583, CERTA-2011-AVI-521, CERTA-2013-AVI-440, CVE-2011-1483, HPSBMU02894, RHSA-2011:1301-01, RHSA-2011:1302-01, RHSA-2011:1303-01, RHSA-2011:1304-01, RHSA-2011:1305-01, RHSA-2011:1306-01, RHSA-2011:1307-01, RHSA-2011:1308-01, RHSA-2011:1309-01, RHSA-2011:1310-01, RHSA-2011:1311-01, RHSA-2011:1312-01, RHSA-2011:1313-01, VIGILANCE-VUL-11000.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A user can send an HTTP POST query, in order to transmit XML data to the JBoss service.

An XML file can contain special characters represented as entities, such as "&abc;". These entities are defined in a DTD (Document Type Definitions).

An attacker can create an entity calling numerous other entities. JBoss does not limit the number of replacements, which creates deep recursive calls.

An attacker can therefore send special XML data, in order to create a denial of service when they are analyzed by JBoss Web Services Native.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2011-0786 CVE-2011-0788 CVE-2011-0802

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/06/2011.
Identifiers: BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D (ICC profile), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48137, CVE-2011-0862, TPTI-11-06, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48148, CVE-2011-0873]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48143, CVE-2011-0815]

An attacker can use a vulnerability of Deployment (IE Browser Plugin), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48134, CVE-2011-0817, ZDI-11-182]

An attacker can use a vulnerability of Deployment (Java Web Start), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48138, CVE-2011-0863, ZDI-11-192]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48139, CVE-2011-0864]

An attacker can use a vulnerability of Soundbank Decompression, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48149, CVE-2011-0802, ZDI-11-199]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48145, CVE-2011-0814]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48142, CVE-2011-0871]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48133, CERTA-2011-AVI-336, CVE-2011-0786]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48135, CVE-2011-0788]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48136, CVE-2011-0866]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-48140, CVE-2011-0868]

An attacker can use a vulnerability of NIO, in order to create a denial of service. [severity:2/4; BID-48141, CVE-2011-0872]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-48144, CVE-2011-0867]

An attacker can use a vulnerability of SAAJ, in order to obtain information. [severity:2/4; BID-48146, CVE-2011-0869]

An attacker can use a vulnerability of Deserialization, in order to alter information. [severity:1/4; BID-48147, CVE-2011-0865]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HPE NNMi: