The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space Service Insight

computer vulnerability note CVE-2012-3144 CVE-2012-3147 CVE-2012-3149

MySQL: several vulnerabilities of October 2012

Synthesis of the vulnerability

Several vulnerabilities of MySQL are corrected by the CPU of October 2012.
Impacted products: Debian, BIG-IP Hardware, TMOS, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Percona Server, RHEL.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 14.
Creation date: 17/10/2012.
Identifiers: CERTA-2012-AVI-579, cpuoct2012, CVE-2012-3144, CVE-2012-3147, CVE-2012-3149, CVE-2012-3150, CVE-2012-3156, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, DSA-2581-1, JSA10601, MDVSA-2013:102, RHSA-2012:1462-01, SOL14907, VIGILANCE-VUL-12079.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of MySQL.

An attacker can use a vulnerability of Information Schema, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3163]

An attacker can use a vulnerability of MySQL Protocol, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3158]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3177]

An attacker can use a vulnerability of MySQL Client, in order to alter information, or to create a denial of service. [severity:2/4; CVE-2012-3147]

An attacker can use a vulnerability of InnoDB, in order to create a denial of service. [severity:2/4; CVE-2012-3166]

An attacker can use a vulnerability of InnoDB Plugin, in order to create a denial of service. [severity:2/4; CVE-2012-3173]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3144]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; CVE-2012-3150]

An attacker can use a vulnerability of Server Optimizer, in order to create a denial of service. [severity:2/4; CVE-2012-3180]

An attacker can use a vulnerability of MySQL Client, in order to obtain information. [severity:2/4; CVE-2012-3149]

An attacker can use a vulnerability of Server, in order to create a denial of service. [severity:2/4; CVE-2012-3156]

An attacker can use a vulnerability of Server Full Text Search, in order to create a denial of service. [severity:3/4; CVE-2012-3167]

An attacker can use a vulnerability of Server Replication, in order to create a denial of service. [severity:2/4; CVE-2012-3197]

An attacker can use a vulnerability of Server Installation, in order to obtain information. [severity:1/4; CVE-2012-3160]

vulnerability announce CVE-2012-1531 CVE-2012-1532 CVE-2012-1533

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, WebSphere MQ, Junos Space, Junos Space Network Management Platform, Mandriva Linux, Windows (platform) ~ not comprehensive, Java OpenJDK, openSUSE, Java Oracle, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, VirtualCenter.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 27.
Creation date: 17/10/2012.
Identifiers: BID-55501, BID-55538, BID-56025, BID-56033, BID-56039, BID-56043, BID-56046, BID-56051, BID-56054, BID-56055, BID-56056, BID-56057, BID-56058, BID-56059, BID-56061, BID-56063, BID-56065, BID-56067, BID-56070, BID-56071, BID-56072, BID-56075, BID-56076, BID-56079, BID-56080, BID-56081, BID-56082, BID-56083, c03595351, CERTA-2012-AVI-576, CERTA-2012-AVI-746, CERTA-2013-AVI-094, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-4420, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089, CVE-2012-5979-ERROR, DSECRG-12-039, ESX350-201302401-SG, FEDORA-2012-16346, FEDORA-2012-16351, IC89804, javacpuoct2012, MDVSA-2012:169, openSUSE-SU-2012:1419-1, openSUSE-SU-2012:1423-1, openSUSE-SU-2012:1424-1, RHSA-2012:1384-01, RHSA-2012:1385-01, RHSA-2012:1386-01, RHSA-2012:1391-01, RHSA-2012:1392-01, RHSA-2012:1465-01, RHSA-2012:1466-01, RHSA-2012:1467-01, RHSA-2012:1485-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SUSE-SU-2012:1398-1, SUSE-SU-2012:1489-1, SUSE-SU-2012:1489-2, SUSE-SU-2012:1490-1, SUSE-SU-2012:1588-1, SUSE-SU-2012:1595-1, swg21621958, swg21621959, VIGILANCE-VUL-12072, VMSA-2013-0001.2, VMSA-2013-0003.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56025, CVE-2012-5083]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56033, CVE-2012-1531]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56039, CVE-2012-5086]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56043, CVE-2012-5087]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56046, CVE-2012-1533]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56051, CVE-2012-1532]

An attacker can use the class com.sun.org.glassfish.gmbal.util.GenericConstructor in order to execute arbitrary JVM code. [severity:3/4; BID-56054, CVE-2012-5076]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56055, CVE-2012-3143]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56057, CVE-2012-5088]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56059, CVE-2012-5089]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56063, CVE-2012-5084]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56072, CVE-2012-3159]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-56076, CVE-2012-5068]

When a Java application uses an integer array and the Arrays.fill() method, the array memory area is not initialized to zero by the JRE, so an attacker can obtain a memory fragment (VIGILANCE-VUL-11929). [severity:3/4; BID-55501, BID-55538, CVE-2012-4416, CVE-2012-4420]

An attacker can use a vulnerability of JAX-WS, in order to obtain or alter information. [severity:3/4; BID-56056, CVE-2012-5074]

An attacker can use a vulnerability of JMX, in order to obtain or alter information. [severity:3/4; BID-56061, CVE-2012-5071]

An attacker can use a vulnerability of Concurrency, in order to obtain or alter information. [severity:3/4; BID-56065, CVE-2012-5069]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-56070, CVE-2012-5067]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; BID-56079, CVE-2012-5070]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; BID-56081, CVE-2012-5075]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; BID-56080, CVE-2012-5073]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; BID-56082, CVE-2012-5079, CVE-2012-5979-ERROR]

An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; BID-56083, CVE-2012-5072]

An attacker can use a vulnerability of JSSE (ROBOT Attack VIGILANCE-VUL-24749), in order to create a denial of service. [severity:2/4; BID-56071, CVE-2012-5081]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:1/4; BID-56075, CVE-2012-3216]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:1/4; BID-56058, CVE-2012-5077]

An attacker can use a vulnerability of Gopher, in order to send packets. [severity:1/4; BID-56067, CVE-2012-5085, DSECRG-12-039]

vulnerability note CVE-2012-2131

OpenSSL 0.9.8: memory corruption via asn1_d2i_read_bio

Synthesis of the vulnerability

An attacker can use malformed ASN.1 data, with an application linked to OpenSSL 0.9.8, in order to corrupt the memory, which leads to a denial of service or to code execution.
Impacted products: Debian, HP-UX, AIX, Tivoli Workload Scheduler, Junos Space, Mandriva Linux, OpenSSL, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 24/04/2012.
Identifiers: 1643316, BID-53212, c03333987, CERTA-2012-AVI-286, CERTA-2012-AVI-419, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, CVE-2012-2131, DSA-2454-2, HPSBUX02782, JSA10659, MDVSA-2012:064, RHSA-2012:0518-01, RHSA-2012:0522-01, SSRT100844, SUSE-SU-2012:0623-1, SUSE-SU-2012:0637-1, VIGILANCE-VUL-11564.

Description of the vulnerability

The version 0.9.8v of OpenSSL was published to correct the vulnerability VIGILANCE-VUL-11559.

However, the vulnerability was not fully corrected by this version.

An attacker can therefore still use malformed ASN.1 data, with an application linked to OpenSSL 0.9.8, in order to corrupt the memory, which leads to a denial of service or to code execution.

computer vulnerability note CVE-2012-2110

OpenSSL: memory corruption via asn1_d2i_read_bio

Synthesis of the vulnerability

An attacker can use malformed ASN.1 data, with an application linked to OpenSSL, in order to corrupt the memory, which leads to a denial of service or to code execution.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Junos Space, Juniper SA, Juniper SBR, Mandriva Linux, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 19/04/2012.
Identifiers: 1643316, BID-53158, c03333987, CERTA-2012-AVI-224, CERTA-2012-AVI-286, CERTA-2012-AVI-419, CERTA-2012-AVI-479, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, CVE-2012-2110, DSA-2454-1, ESX350-201302401-SG, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-6395, FEDORA-2012-6403, FreeBSD-SA-12:01.openssl, HPSBUX02782, JSA10659, KB27376, MDVSA-2012:060, NetBSD-SA2012-001, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, PSN-2013-03-872, PSN-2013-05-941, RHSA-2012:0518-01, RHSA-2012:0522-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SOL16285, SSRT100844, SUSE-SU-2012:0623-1, SUSE-SU-2012:0637-1, SUSE-SU-2012:1149-1, SUSE-SU-2012:1149-2, VIGILANCE-VUL-11559, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013, VMSA-2012-0013.1, VMSA-2013-0001.2, VMSA-2013-0003.

Description of the vulnerability

X.509 certificates are encoded with ASN.1 (Abstract Syntax Notation).

OpenSSL uses BIOs, which are data streams that a program can write to or read from.

The asn1_d2i_read_bio() function of OpenSSL decodes ASN.1 data coming from a BIO.

However, this function casts the size of ASN.1 objects to signed integers (whereas "size_t" is unsigned). If the announced size of an object is greater than 0x80000000, an allocation error thus occurs, and the memory is corrupted.

The asn1_d2i_read_bio() function is used by several OpenSSL functions. Note: SSL/TLS clients/servers do not use this function, and are thus not vulnerable (there are exceptions if d2i_X509_bio() is called). However, S/MIME or CMS applications are vulnerable.

An attacker can therefore use malformed ASN.1 data, with an application linked to OpenSSL, in order to corrupt the memory, which leads to a denial of service or to code execution.
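
The following added example (not OpenSSL code and not part of the original bulletin) models the size handling described above: it reads the announced length from an ASN.1 header, shows what that length becomes once cast to a 32-bit signed integer, and rejects objects whose announced size cannot be trusted. The function names, the 1 MiB policy limit and the sample bytes are assumptions made for the illustration.

```python
import struct


def parse_der_header(buf):
    """Return (tag, announced_length, header_size) for a definite-length header."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, first = buf[0], buf[1]
    if first < 0x80:  # short form: the byte itself is the length
        return tag, first, 2
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0:
        raise ValueError("indefinite length is not handled in this example")
    if len(buf) < 2 + n:
        raise ValueError("truncated length field")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n


def as_signed_int32(value):
    """Value held by a 32-bit signed int after the announced size is cast to it."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def check_object(buf, max_len=1 << 20):
    """Pre-check a buffer before it reaches an ASN.1 decoder; returns a verdict."""
    _tag, length, hdr = parse_der_header(buf)
    if as_signed_int32(length) != length:
        # The sign bit is set (or bits were lost): the decoder would see a
        # different, possibly negative, size than the one announced.
        return "reject: announced size changes when cast to a signed int"
    if length > max_len:  # assumed local policy limit
        return "reject: announced size exceeds policy limit"
    if length > len(buf) - hdr:
        return "reject: announced size exceeds available data"
    return "ok"


# Constructed sample inputs (not taken from any real certificate or message).
SAMPLE_OK = bytes.fromhex("3003020105")                      # SEQUENCE, 3 bytes
SAMPLE_HUGE = bytes.fromhex("308480000001") + b"\x00" * 4    # announces 0x80000001
SAMPLE_SHORT = bytes.fromhex("30821000")                     # announces 4096, has 0

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("huge", SAMPLE_HUGE),
                         ("short", SAMPLE_SHORT)):
        _, length, _ = parse_der_header(sample)
        print(name, hex(length), as_signed_int32(length), check_object(sample))
```
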

vulnerability CVE-2012-0882

MySQL: vulnerability

Synthesis of the vulnerability

A vulnerability impacts MySQL.
Impacted products: Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, Percona Server.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user account.
Creation date: 10/02/2012.
Identifiers: BID-51925, BID-52154-REJECT, CVE-2012-0882, JSA10601, VIGILANCE-VUL-11350.

Description of the vulnerability

A vulnerability impacts MySQL.

vulnerability bulletin CVE-2012-0053

Apache httpd: reading an HttpOnly cookie

Synthesis of the vulnerability

An attacker can use a malformed HTTP query, in order to generate a code 400 error, which displays the user's HttpOnly cookies, so JavaScript code can access them.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, OpenView NNM, HP-UX, Junos Space, Junos Space Network Management Platform, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 27/01/2012.
Identifiers: BID-51706, c03231301, c03278391, CERTA-2012-AVI-225, CVE-2012-0053, DSA-2405-1, FEDORA-2012-1598, FEDORA-2012-1642, HPSBMU02748, HPSBUX02761, JSA10585, MDVSA-2012:012, openSUSE-SU-2012:0314-1, RHSA-2012:0128-01, RHSA-2012:0323-01, RHSA-2012:0542-01, RHSA-2012:0543-01, SOL15273, SOL15889, SSA:2012-041-01, SSRT100772, SSRT100823, SUSE-SU-2012:0284-1, SUSE-SU-2012:0323-1, VIGILANCE-VUL-11323.

Description of the vulnerability

The HTTP Set-Cookie header defines a cookie. This header can also contain the HttpOnly attribute:
  Set-Cookie: v=abc; HttpOnly
This attribute indicates that this cookie cannot be accessed from JavaScript. This feature has been supported since IE 6 SP1, Mozilla Firefox 3.0.0.6 and Opera 9.23, in order to protect a website against Cross-Site Scripting.

When Apache httpd receives a malformed HTTP query (CONNECT with "authority", line larger than LimitRequestFieldSize, header without ':'), it returns a code 400 error page. If there is no default error page defined by ErrorDocument, Apache httpd dynamically generates this page. However, the generated page contains all headers, in order to help developers. Cookies are thus displayed inside the HTML, even if they have the HttpOnly attribute. As JavaScript code is allowed to read an HTML document, it can thus read the cookie.

An attacker can therefore use a malformed HTTP query, in order to generate a code 400 error, which displays the user's HttpOnly cookies, so JavaScript code can access them.

computer vulnerability alert CVE-2011-2262 CVE-2012-0075 CVE-2012-0087

MySQL: several vulnerabilities of January 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL are corrected by the CPU of January 2012.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, Junos Space Network Management Platform, MySQL Community, MySQL Enterprise, openSUSE, Percona Server, RHEL.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 27.
Creation date: 18/01/2012.
Identifiers: BID-51488, BID-51493, BID-51502, BID-51503, BID-51504, BID-51505, BID-51506, BID-51507, BID-51508, BID-51509, BID-51510, BID-51511, BID-51512, BID-51513, BID-51514, BID-51515, BID-51516, BID-51517, BID-51518, BID-51519, BID-51520, BID-51521, BID-51522, BID-51523, BID-51524, BID-51525, BID-51526, CERTA-2012-AVI-024, cpujan2012, CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, DSA-2429-1, FEDORA-2012-0972, FEDORA-2012-0987, JSA10601, openSUSE-SU-2012:0618-1, openSUSE-SU-2012:0619-1, RHSA-2012:0105-01, RHSA-2012:0127-01, sol14410, VIGILANCE-VUL-11296.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle MySQL.

An attacker can use a vulnerability of MySQL, in order to obtain information, or to create a denial of service. [severity:2/4; BID-51488, CVE-2012-0113]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51493, CERTA-2012-AVI-024, CVE-2011-2262]

An attacker can use a vulnerability of MySQL, in order to obtain or alter information. [severity:2/4; BID-51508, CVE-2012-0116]

An attacker can use a vulnerability of MySQL, in order to obtain information, or to create a denial of service. [severity:2/4; BID-51511, CVE-2012-0118]

An attacker can use a vulnerability of MySQL, in order to obtain or alter information. [severity:2/4; BID-51507, CVE-2012-0496]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51509, CVE-2012-0087]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51505, CVE-2012-0101]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51502, CVE-2012-0102]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51504, CVE-2012-0115]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51512, CVE-2012-0119]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51517, CVE-2012-0120]

An attacker can use a vulnerability of MySQL, in order to obtain information. [severity:2/4; BID-51515, CVE-2012-0484]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51513, CVE-2012-0485]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51514, CVE-2012-0486]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51503, CVE-2012-0487]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51506, CVE-2012-0488]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51510, CVE-2012-0489]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51524, CVE-2012-0490]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51518, CVE-2012-0491]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51522, CVE-2012-0495]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51519, CVE-2012-0112]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:2/4; BID-51521, CVE-2012-0117]

An attacker can use a vulnerability of MySQL, in order to obtain or alter information. [severity:2/4; BID-51520, CVE-2012-0114]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:1/4; BID-51516, CVE-2012-0492]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:1/4; BID-51525, CVE-2012-0493]

An attacker can use a vulnerability of MySQL, in order to alter information. [severity:2/4; BID-51526, CVE-2012-0075]

An attacker can use a vulnerability of MySQL, in order to create a denial of service. [severity:1/4; BID-51523, CVE-2012-0494]

computer vulnerability note CVE-2011-4317

Apache httpd: access to another server via mod_proxy

Synthesis of the vulnerability

An attacker can use a malicious HTTP query, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, OpenView NNM, Junos Space, Junos Space Network Management Platform, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: internet client.
Creation date: 25/11/2011.
Identifiers: BID-50802, c03231301, CVE-2011-4317, DSA-2405-1, HPSBMU02748, JSA10585, MDVSA-2012:003, openSUSE-SU-2012:0212-1, openSUSE-SU-2012:0248-1, openSUSE-SU-2013:0243-1, openSUSE-SU-2013:0248-1, RHSA-2012:0128-01, SOL15889, SSA:2012-041-01, SSRT100772, SUSE-SU-2011:1309-1, SUSE-SU-2011:1322-1, VIGILANCE-VUL-11179.

Description of the vulnerability

The mod_proxy module is used to configure Apache httpd as a proxy, in order to give access to an internal web server whose resources are intentionally public.

However, the VIGILANCE-VUL-11041 vulnerability of mod_proxy was not fully corrected.

Indeed, the case where the query has a scheme ("something:endOfQuery") was not corrected. The scheme ("something:") is removed, and the end of query ("endOfQuery") is concatenated to the rewrite rule.

An attacker can therefore still use a malicious HTTP query on Apache httpd, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server.

vulnerability alert CVE-2011-3368

Apache httpd: access to another server via mod_proxy

Synthesis of the vulnerability

An attacker can use a malicious HTTP query, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, OpenView NNM, Junos Space, Junos Space Network Management Platform, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: internet client.
Creation date: 05/10/2011.
Identifiers: BID-49957, c03231301, CERTA-2011-AVI-562, CERTA-2011-AVI-607, CERTA-2012-AVI-050, CERTA-2012-AVI-156, CVE-2011-3368, DSA-2405-1, FEDORA-2012-1598, FEDORA-2012-1642, HPSBMU02748, JSA10585, MDVSA-2011:144, openSUSE-SU-2012:0212-1, openSUSE-SU-2012:0248-1, openSUSE-SU-2013:0243-1, openSUSE-SU-2014:1647-1, RHSA-2011:1391-01, RHSA-2011:1392-01, RHSA-2012:0542-01, RHSA-2012:0543-01, SOL15889, SSA:2012-041-01, SSRT100772, SUSE-SU-2011:1229-1, SUSE-SU-2011:1309-1, SUSE-SU-2011:1322-1, VIGILANCE-VUL-11041.

Description of the vulnerability

The mod_proxy module is used to configure Apache httpd as a proxy, in order to give access to an internal web server whose resources are intentionally public.

The RewriteRule and ProxyPassMatch directives are used to rewrite requested HTTP paths (url). For example:
  RewriteRule (.*) http://voluntaryPublic.example.com$1 [P]
  ProxyPassMatch (.*) http://voluntaryPublic.example.com$1

However, if the domain name does not end with a '/', an attacker can for example use the following HTTP query:
  GET @privateServer.example.com/page.html HTTP/1.1
This query will be rewritten as:
  GET http://voluntaryPublic.example.com@privateServer.example.com/page.html HTTP/1.1
The attacker then has access to the web page located on the private server.

An attacker can therefore use a malicious HTTP query, when mod_proxy uses RewriteRule or ProxyPassMatch, in order to access web resources of another server.
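
The following added example (not Apache code and not part of the original bulletin) audits a configuration for the pattern described above: a proxied RewriteRule or ProxyPassMatch target whose backreference is appended before the first '/' after the host name. It also shows how the rewritten URL from the bulletin is parsed, so the change of backend host is visible. The function names and the sample configuration are assumptions; the substitution is modelled as a plain replacement of $1.

```python
import re
from urllib.parse import urlsplit

DIRECTIVE = re.compile(
    r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?",
    re.IGNORECASE,
)
AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/]*)", re.IGNORECASE)


def proxied_url(target, captured):
    """Model of the rewrite: $1 is replaced by the captured request path."""
    return target.replace("$1", captured)


def backend_host(url):
    """Host the proxy would contact, as an RFC 3986 parser sees it."""
    return urlsplit(url).hostname


def audit(config_text):
    """Return (line number, directive, target) for each risky proxy target."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, _pattern, target, flags = m.groups()
        if name.lower() == "rewriterule":
            flag_set = {f.strip().upper() for f in (flags or "").split(",")}
            if not flag_set & {"P", "PROXY"}:
                continue  # not proxied, outside the scope of this bulletin
        auth = AUTHORITY.match(target)
        # A '$' before the first '/' means request data lands in the authority.
        if auth and "$" in auth.group(1):
            findings.append((lineno, name, target))
    return findings


# Constructed sample configuration, using the host names from the bulletin.
SAMPLE_CONFIG = """\
RewriteEngine On
RewriteRule (.*) http://voluntaryPublic.example.com$1 [P]
ProxyPassMatch (.*) http://voluntaryPublic.example.com$1
RewriteRule ^/app/(.*) http://voluntaryPublic.example.com/app/$1 [P,L]
RewriteRule ^/old$ /new [R=301]
"""

REQUEST_PATH = "@privateServer.example.com/page.html"  # request from the bulletin

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("risky target:", finding)
    for target in ("http://voluntaryPublic.example.com$1",
                   "http://voluntaryPublic.example.com/$1"):
        url = proxied_url(target, REQUEST_PATH)
        print(target, "->", url, "-> backend", backend_host(url))
```

With the '/' placed after the host name, the same request stays on the intended backend because the '@' falls inside the path instead of the authority.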

vulnerability alert CVE-2011-3348

Apache httpd: denial of service via mod_proxy_ajp

Synthesis of the vulnerability

When mod_proxy_ajp is used with mod_proxy_balancer, an attacker can use an unknown HTTP method, in order to create a denial of service.
Impacted products: Apache httpd, OpenView, OpenView NNM, HP-UX, Junos Space, Junos Space Network Management Platform, Mandriva Linux, OpenSolaris, RHEL, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/09/2011.
Identifiers: BID-49616, c03011498, c03025215, CERTA-2011-AVI-516, CVE-2011-3348, HPSBMU02704, HPSBUX02707, MDVSA-2011:168, PSN-2013-02-846, RHSA-2011:1391-01, RHSA-2012:0542-01, RHSA-2012:0543-01, SSA:2011-284-01, SSRT100619, SSRT100626, VIGILANCE-VUL-10991.

Description of the vulnerability

The mod_proxy module provides a generic proxy service for Apache httpd. The mod_proxy_ajp module adds support for AJP13 (Apache JServ Protocol version 1.3), which is used with Tomcat. The mod_proxy_balancer module is used to balance the load between several proxies.

The HTTP protocol defines a list of methods (GET, POST, etc.) which are used in queries.

The ap_proxy_ajp_request() function of the modules/proxy/mod_proxy_ajp.c file does not ignore unknown HTTP methods. However, when mod_proxy_balancer is also used, the associated proxy enters an error state. Using several queries, an attacker can thus stop all balanced proxies.

When mod_proxy_ajp is used with mod_proxy_balancer, an attacker can therefore use an unknown HTTP method, in order to create a denial of service.