The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space Service Now

computer threat alert CVE-2011-0419

Apache APR, httpd: denial of service via apr_fnmatch

Synthesis of the vulnerability

An attacker can create a denial of service in applications using the apr_fnmatch function of APR. When mod_autoindex is enabled in Apache httpd, a remote attacker can send a special request to create a denial of service.
Severity: 3/4.
Creation date: 12/05/2011.
Revision dates: 12/05/2011, 13/05/2011.
Identifiers: 703390, c02997184, c03011498, c03025215, CERTA-2011-AVI-296, CERTA-2011-AVI-309, CERTA-2011-AVI-515, CERTA-2011-AVI-618, CERTA-2013-AVI-243, CVE-2011-0419, DSA-2237-1, DSA-2237-2, HPSBMU02704, HPSBUX02702, HPSBUX02707, MDVSA-2011:084, openSUSE-SU-2011:0859-1, PSN-2012-11-767, PSN-2013-02-846, RHSA-2011:0507-01, RHSA-2011:0896-01, RHSA-2011:0897-01, SOL15920, SSA:2011-133-01, SSRT100606, SSRT100619, SSRT100626, SUSE-SU-2011:0763-1, SUSE-SU-2011:0763-2, SUSE-SU-2011:0797-1, SUSE-SU-2011:1229-1, VIGILANCE-VUL-10645.

Description of the vulnerability

APR (Apache Portable Runtime) is a software library for the Apache web server. It keeps the server portable by providing features that the operating system does not include.

The apr_fnmatch() function of the APR library, defined in "strings/apr_fnmatch.c", checks whether a file name matches a shell pattern, such as "file*.txt". This function implements a recursive algorithm. However, if the search pattern contains many '*' characters, the function is called recursively many times and consumes resources.

The Apache httpd mod_autoindex module generates index pages of directories.

mod_autoindex uses the apr_fnmatch() function of the APR library to generate an index matching a pattern/filter. However, when mod_autoindex indexes a directory containing long filenames, the apr_fnmatch() function consumes many resources, which causes a denial of service.

An attacker can therefore create a denial of service in applications using apr_fnmatch of APR.
When mod_autoindex is activated in Apache httpd, a remote attacker can therefore employ a special request in order to create a denial of service.
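
To show why many '*' characters are costly in a recursive matcher, the following added example (constructed for this page, not the APR source code and not the APR fix) counts the work done by a naive recursive glob matcher and by an iterative matcher that backtracks only to the most recent '*'. The function names and the sample pattern are assumptions made for the illustration.

```python
# Added example: constructed matchers, not the APR source.

def naive_match(pattern, name, calls):
    """Recursive glob match for '*' and '?'; calls[0] counts invocations."""
    calls[0] += 1
    if not pattern:
        return not name
    if pattern[0] == "*":
        # Try every suffix of name: each extra '*' multiplies the search space.
        return any(naive_match(pattern[1:], name[i:], calls)
                   for i in range(len(name) + 1))
    if name and pattern[0] in ("?", name[0]):
        return naive_match(pattern[1:], name[1:], calls)
    return False


def bounded_match(pattern, name, steps):
    """Iterative match that backtracks only to the most recent '*'."""
    p = n = 0
    star_p, star_n = -1, 0
    while n < len(name):
        steps[0] += 1
        if p < len(pattern) and pattern[p] == "*":
            star_p, star_n = p, n      # remember where this '*' started
            p += 1
        elif p < len(pattern) and pattern[p] in ("?", name[n]):
            p += 1
            n += 1
        elif star_p >= 0:
            star_n += 1                # let the last '*' absorb one more char
            p, n = star_p + 1, star_n
        else:
            return False
    while p < len(pattern) and pattern[p] == "*":
        p += 1
    return p == len(pattern)


def compare(pattern, name):
    """Return (naive result, naive calls, bounded result, bounded steps)."""
    calls, steps = [0], [0]
    return (naive_match(pattern, name, calls), calls[0],
            bounded_match(pattern, name, steps), steps[0])


if __name__ == "__main__":
    # Constructed input: six '*' groups against a 20-character name.
    print(compare("*a" * 6 + "b", "a" * 20))
    print(compare("file*.txt", "file123.txt"))
```

Both matchers return the same answer; only the amount of work differs, which is why bounding the recursion or the pattern complexity removes the resource exhaustion.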

security alert CVE-2010-0738 CVE-2010-1428 CVE-2010-1429

JBoss Enterprise Application Platform: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of JBoss Enterprise Application Platform to access the console or to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/04/2010.
Identifiers: BID-39710, c03057508, c03127140, c03824583, CA20130213-01, CERTA-2013-AVI-440, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, HPSBMU02714, HPSBMU02736, HPSBMU02894, RHSA-2010:0376-01, RHSA-2010:0377-01, RHSA-2010:0378-01, RHSA-2010:0379-01, SSRT100244, SSRT100699, VIGILANCE-VUL-9613.

Description of the vulnerability

Three vulnerabilities were announced in JBoss Enterprise Application Platform.

An attacker can use an HTTP request method other than GET or POST to access the JMX Console. [severity:3/4; CVE-2010-0738]

An attacker can use an HTTP request method other than GET or POST to access the Web Console (/web-console). [severity:3/4; CVE-2010-1428]

An attacker can access the status servlet to obtain sensitive information. [severity:2/4; CVE-2010-1429]

weakness note CVE-2007-6750

Apache httpd: denial of service Slowloris

Synthesis of the vulnerability

An attacker can exhaust the maximum number of allowed clients on an Apache httpd server, in its default configuration.
Severity: 1/4.
Creation date: 19/06/2009.
Identifiers: 47386, c03734195, CERTFR-2014-AVI-112, CERTFR-2017-AVI-012, CVE-2007-6750, HPSBUX02866, JSA10770, K12636, openSUSE-SU-2012:0314-1, SOL12636, SSRT101139, SUSE-SU-2012:0284-1, SUSE-SU-2012:0323-1, VIGILANCE-VUL-8809.

Description of the vulnerability

When a client connects to the httpd service, it has to send an HTTP request like:
  GET / HTTP/1.0
  Host: server
  Header: etc.
As long as Apache httpd has not received the full request, it waits at most TimeOut seconds before closing the session.

When MaxClients clients are simultaneously connected to the service, subsequent clients cannot access the service.

An attacker can therefore open several parallel sessions, in which he sends the request in small fragments, in order to extend each session and to reach MaxClients. Legitimate users then cannot access the service.

An attacker can therefore exhaust the maximum number of allowed clients on an Apache httpd server, in its default configuration.

The IIS web server uses a different logic and is not impacted by this denial of service. For example, when a new session arrives, the older inactive or incomplete session is closed.
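
The slot exhaustion described above can be modelled in a few lines. This added example (a constructed model, not Apache code) compares the TimeOut idle timer alone with an absolute limit on the time allowed to receive a request; `header_deadline`, the `Session` fields and the scenario values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    opened: float                  # time the connection was accepted (s)
    fragment_every: float          # gap between request fragments (s)
    complete_at: Optional[float]   # time the full request arrived, None = never


def released_at(s, timeout, header_deadline=None):
    """Time at which the worker slot held by session s is freed."""
    times = []
    if s.complete_at is not None:
        times.append(s.complete_at)
    if s.fragment_every > timeout:
        # Idle timer expires only if the client stays silent longer than TimeOut.
        times.append(s.opened + timeout)
    if header_deadline is not None:
        # Assumed control: absolute limit on receiving the request, not per read.
        times.append(s.opened + header_deadline)
    return min(times, default=float("inf"))


def busy_slots(sessions, now, timeout, header_deadline=None):
    """Number of worker slots still occupied at time `now`."""
    return sum(1 for s in sessions
               if s.opened <= now < released_at(s, timeout, header_deadline))


def has_free_slot(sessions, now, max_clients, timeout, header_deadline=None):
    return busy_slots(sessions, now, timeout, header_deadline) < max_clients


# Constructed scenario: 150 sessions send a fragment every 10 s and never finish.
MAX_CLIENTS, TIMEOUT = 150, 300
SLOW = [Session(opened=i * 0.1, fragment_every=10, complete_at=None)
        for i in range(MAX_CLIENTS)]

if __name__ == "__main__":
    # Idle timer only: every slot is still held ten minutes later.
    print(has_free_slot(SLOW, 600, MAX_CLIENTS, TIMEOUT))
    # With an absolute 30 s limit on receiving the request: slots are free again.
    print(has_free_slot(SLOW, 600, MAX_CLIENTS, TIMEOUT, header_deadline=30))
```

In Apache httpd, the RequestReadTimeout directive of mod_reqtimeout sets limits of this kind on how long a client may take to send its request.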

security vulnerability CVE-2003-0543 CVE-2003-0544 CVE-2003-0545

OpenSSL: multiple ASN.1 vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in the handling of ASN.1 encoding by OpenSSL have been discovered.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 30/09/2003.
Revision dates: 01/10/2003, 02/10/2003, 03/10/2003, 06/10/2003, 08/10/2003, 10/10/2003, 13/10/2003, 14/10/2003, 15/10/2003, 23/10/2003, 31/10/2003, 04/12/2003, 05/12/2003, 08/12/2003, 29/12/2003, 08/01/2004, 16/01/2004, 27/01/2004, 17/03/2004, 07/06/2005, 10/06/2005, 13/06/2005.
Identifiers: 006489, 20030904-02-P, BID-10094, BID-8732, CA-2003-26, CERTA-2003-AVI-156, CERTA-2004-AVI-200, CERTFR-2017-AVI-012, CIAC N-159, CISCO20030930a, CVE-2003-0543, CVE-2003-0544, CVE-2003-0545, CVE-2005-1730, DSA-393, DSA-393-1, DSA-394, DSA-394-1, FreeBSD-SA-03:18, HP284, HP286, HP288, HP290, JSA10770, MDKSA-2003:098, N-159, NetBSD 2003-017, NetBSD-SA2003-017, Novell TID 2003-2967586, OpenBSD 32-020, OpenBSD 33-007, OpenBSD 34-002, ORACLE062, RHSA-2003:291, RHSA-2003:292, RHSA-2003:293, Security Alert 62, SGI 20030904, Slackware 20030930a, SSA:2003-273-01, SUSE-SA:2003:043, TID10087450, TID 2967586, TID2967743, TLSA-2003-55, V6-UNIXOPENSSLASN1MULVUL, VIGILANCE-VUL-3786, VU#104280, VU#255484, VU#380864, VU#686224, VU#732952, VU#935264.

Description of the vulnerability

The OpenSSL library provides various cryptographic features, and is notably used to create SSL sessions with Apache web servers.

The ASN.1 language (Abstract Syntax Notation 1) is used to describe the format of messages exchanged between two applications.

Four vulnerabilities have been discovered in the ASN.1 handling of OpenSSL:
 - some invalid ASN.1 encodings are rejected, but lead to an error in memory deallocation. A denial of service then occurs. This might allow code execution. This error only affects versions 0.9.7x.
 - an invalid ASN.1 parameter leads to reading bytes located after the end of the data. A denial of service occurs.
 - a certificate containing an invalid public key stops the code in charge of verification. This error only occurs in debug mode.
 - following an error in the handling of the SSL/TLS protocol, a server can parse a client certificate even though no certificate was requested. This error therefore makes it possible to use the first 3 vulnerabilities even if the server is not configured to authenticate clients.

These vulnerabilities therefore allow a remote attacker (when OpenSSL is used with Apache) to cause a denial of service. This type of vulnerability could affect other SSL/TLS implementations.