The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE SiteScope

computer vulnerability note CVE-2016-0763

Apache Tomcat: read-write access via setGlobalContext

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious web application on the service, can bypass access restrictions via setGlobalContext of Apache Tomcat, in order to read or alter data.
Impacted products: Tomcat, Debian, Fedora, SiteScope, HP-UX, Snap Creator Framework, openSUSE Leap, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: document.
Creation date: 22/02/2016.
Identifiers: 1980693, c05150442, c05324755, cpuapr2017, cpuoct2017, CVE-2016-0763, DSA-3530-1, DSA-3552-1, DSA-3609-1, FEDORA-2016-e6651efbaf, HPSBGN03669, HPSBUX03606, NTAP-20180531-0001, openSUSE-SU-2016:0865-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, SUSE-SU-2016:0769-1, SUSE-SU-2016:0822-1, USN-3024-1, VIGILANCE-VUL-18999.

Description of the vulnerability

The Apache Tomcat product can execute a web application from an untrusted source with a Security Manager.

However, a malicious application can use ResourceLinkFactory.setGlobalContext() to inject a context in another application, and access to its data.

An attacker, who is allowed to upload a malicious web application on the service, can therefore bypass access restrictions via setGlobalContext of Apache Tomcat, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 18072

HP SiteScope: privilege escalation via DNS Tool

Synthesis of the vulnerability

A local attacker can use the DNS Tool of HP SiteScope, in order to escalate his privileges.
Impacted products: SiteScope.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2015.
Identifiers: R7-2015-17, SSRT103139, VIGILANCE-VUL-18072, VU#626368.

Description of the vulnerability

The HP SiteScope product usually allows local users to access to DNS tools.

However, on Windows, an attacker can ask the resolution of "example.com & shell-command". In this case, as "&" is a command separator, the shell command is run with privileges of the SiteScope service (SYSTEM).

A local attacker can therefore use the DNS Tool of HP SiteScope, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-3253

Apache Groovy: code execution via MethodClosure

Synthesis of the vulnerability

An attacker can use a vulnerability in MethodClosure of Apache Groovy, in order to run code.
Impacted products: Blue Coat CAS, SGOS by Blue Coat, Fedora, SiteScope, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, WebLogic, Oracle Web Tier, RHEL.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 24/09/2015.
Identifiers: c05324755, cpuapr2019, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, CVE-2015-3253, FEDORA-2015-15907, FEDORA-2017-6a0389a6a7, FEDORA-2017-9899aba20e, HPSBGN03669, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2558-01, RHSA-2016:0066-01, RHSA-2016:0118-01, RHSA-2017:2596-01, SA110, VIGILANCE-VUL-17973.

Description of the vulnerability

An attacker can use a vulnerability in MethodClosure of Apache Groovy, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2015-2120

HP SiteScope: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of HP SiteScope, in order to escalate his privileges.
Impacted products: SiteScope.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 26/05/2015.
Revision date: 27/05/2015.
Identifiers: c04688784, CVE-2015-2120, HPSBGN03325, SSRT101902, VIGILANCE-VUL-16988, ZDI-15-239, ZDI-CAN-2567.

Description of the vulnerability

The HP SiteScope product is used for software monitoring.

However, a remote authenticated user can read the users.config file, containing information about users.

An attacker can therefore bypass restrictions of HP SiteScope, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-2808

TLS: RC4 decryption via Bar Mitzvah

Synthesis of the vulnerability

An attacker can use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, SnapManager, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/03/2015.
Identifiers: 1450666, 1610582, 1647054, 1882708, 1883551, 1883553, 1902260, 1903541, 1960659, 1963275, 1967498, 523628, 7014463, 7022958, 7045736, 9010041, 9010044, Bar Mitzvah, BSA-2015-007, c04708650, c04767175, c04770140, c04772305, c04773119, c04773241, c04777195, c04777255, c04832246, c04926789, c05085988, c05336888, cpujan2018, cpuoct2017, CVE-2015-2808, DSA-2018-124, HPSBGN03350, HPSBGN03393, HPSBGN03399, HPSBGN03407, HPSBGN03414, HPSBGN03415, HPSBGN03580, HPSBHF03673, HPSBMU03345, HPSBMU03401, HPSBUX03435, HPSBUX03512, NTAP-20150715-0001, NTAP-20151028-0001, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SOL16864, SSRT102254, SSRT102977, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, VIGILANCE-VUL-16486, VN-2015-004.

Description of the vulnerability

During the initialization of a TLS session, the client and the server negotiate cryptographic algorithms. The RC4 algorithm can be chosen to encrypt data.

For some weak keys (one over 2^24), the Invariance Weakness can be used to predict the two LSB (Least Significant Bit) of the 100 first bytes encrypted with RC4. The first TLS message is "Finished" (36 bytes), thus an attacker can predict LSBs of 64 bytes.

An attacker can therefore use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-7882

HP SiteScope: privilege escalation

Synthesis of the vulnerability

A remote attacker can use HP SiteScope, in order to escalate his privileges.
Impacted products: SiteScope.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 26/01/2015.
Identifiers: c04539443, CVE-2014-7882, HPSBMU03232, VIGILANCE-VUL-16043.

Description of the vulnerability

A remote attacker can use HP SiteScope, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2014-3566

SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information.
Impacted products: SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, hMailServer, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, ProCurve Switch, SiteScope, HP Switch, TippingPoint IPS, HP-UX, AIX, Domino, Notes, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetScreen Firewall, ScreenOS, nginx, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Solaris, Tuxedo, WebLogic, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, WinSCP.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 15/10/2014.
Identifiers: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.

Description of the vulnerability

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. However, with SSL 3.0, an attacker can change the padding position with a CBC encryption, in order to progressively guess clear text fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, located as a Man-in-the-Middle, can therefore decrypt a SSL 3.0 session, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2014-2614

HP SiteScope: privilege escalation

Synthesis of the vulnerability

A remote attacker can bypass the HP SiteScope authentication, in order to escalate his privileges.
Impacted products: SiteScope.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 03/07/2014.
Identifiers: c04355129, CVE-2014-2614, HPSBMU03059, VIGILANCE-VUL-14986, ZDI-14-228.

Description of the vulnerability

A remote attacker can bypass the authentication of EmailServlet of HP SiteScope, to download files, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Puppet, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2014-0107

Xalan-Java: vulnerabilities of FEATURE_SECURE_PROCESSING

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the FEATURE_SECURE_PROCESSING implementation in Xalan-Java.
Impacted products: Xalan-Java, Debian, Fedora, SiteScope, Mule ESB, openSUSE, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/03/2014.
Identifiers: c05324755, CERTFR-2014-AVI-252, CERTFR-2014-AVI-365, CVE-2014-0107, DSA-2886-1, FEDORA-2014-4426, FEDORA-2014-4443, HPSBGN03669, oCERT-2014-002, openSUSE-SU-2014:0861-1, openSUSE-SU-2014:0948-1, RHSA-2014:0348-01, RHSA-2014:0453-01, RHSA-2014:0454-01, RHSA-2014:0590-01, RHSA-2014:0591-01, RHSA-2014:0818-01, RHSA-2014:0819-01, RHSA-2014:1007-01, RHSA-2014:1059-01, RHSA-2014:1290-01, RHSA-2014:1291-01, RHSA-2014:1351-01, RHSA-2014:1369-01, RHSA-2014:1995-01, RHSA-2015:1009, SUSE-SU-2014:0870-1, USN-2218-1, VIGILANCE-VUL-14468, XALANJ-2435.

Description of the vulnerability

The FEATURE_SECURE_PROCESSING (http://javax.xml.XMLConstants/feature/secure-processing) constant requires Xalan-Java to analyze XML files in a secure way, in order for example to block denial of service attacks. However, it is impacted by three vulnerabilities.

An attacker can access to XSLT 1.0 system-property(), in order to obtain sensitive information. [severity:2/4]

The xalan:content-handler and xalan:entities properties can be used to load a class or an external resource. [severity:2/4; XALANJ-2435]

If BSF (Bean Scripting Framework) is in the classpath, an attacker can open a JAR, in order to execute code. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HPE SiteScope: