The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle WebLogic Server

vulnerability note CVE-2016-0718 CVE-2016-2830 CVE-2016-2835

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Security Directory Server, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Tuxedo, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 23.
Creation date: 03/08/2016.
Identifiers: 2000347, CERTFR-2016-AVI-259, cpujul2018, CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5253, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5267, CVE-2016-5268, DLA-585-1, DLA-640-1, DSA-3640-1, DSA-3686-1, FEDORA-2016-7dd68d253f, FEDORA-2016-e77b6d963a, FEDORA-2016-f8ae4ede46, MFSA-2016-62, MFSA-2016-63, MFSA-2016-64, MFSA-2016-65, MFSA-2016-66, MFSA-2016-67, MFSA-2016-68, MFSA-2016-69, MFSA-2016-70, MFSA-2016-71, MFSA-2016-72, MFSA-2016-73, MFSA-2016-74, MFSA-2016-75, MFSA-2016-76, MFSA-2016-77, MFSA-2016-78, MFSA-2016-79, MFSA-2016-80, MFSA-2016-81, MFSA-2016-82, MFSA-2016-83, MFSA-2016-84, openSUSE-SU-2016:1964-1, openSUSE-SU-2016:2026-1, openSUSE-SU-2016:2253-1, openSUSE-SU-2016:2254-1, openSUSE-SU-2016:2378-1, RHSA-2016:1551-01, RHSA-2016:1809-01, SSA:2016-219-02, SSA:2016-244-01, SUSE-SU-2016:2061-1, SUSE-SU-2016:2131-1, SUSE-SU-2016:2195-1, USN-3044-1, USN-3073-1, VIGILANCE-VUL-20294, ZDI-16-673.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2835, CVE-2016-2836, MFSA-2016-62]

An attacker can bypass security features via Favicon Network Connection, in order to obtain sensitive information. [severity:3/4; CVE-2016-2830, MFSA-2016-63]

An attacker can generate a buffer overflow via SVG With Bidirectional Content, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2838, MFSA-2016-64]

An attacker can generate a memory corruption via LibAV, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2839, MFSA-2016-65]

An attacker can alter displayed information via Malformed/invalid Mediatypes, in order to deceive the victim. [severity:2/4; CVE-2016-5251, MFSA-2016-66]

An attacker can generate a memory corruption via 2D Graphics Rendering, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5252, MFSA-2016-67]

An attacker can force a read at an invalid address via XML Parsing, in order to trigger a denial of service, or to obtain sensitive information (VIGILANCE-VUL-19644). [severity:2/4; CVE-2016-0718, MFSA-2016-68]

An attacker can bypass security features via Mozilla Updater, in order to escalate his privileges. [severity:2/4; CVE-2016-5253, MFSA-2016-69]

An attacker can force the usage of a freed memory area via Alt Key, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5254, MFSA-2016-70]

An attacker can generate a memory corruption via Incremental Garbage Collection, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5255, MFSA-2016-71]

An attacker can force the usage of a freed memory area via DTLS WebRTC, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5258, MFSA-2016-72]

An attacker can force the usage of a freed memory area via Service Workers, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5259, MFSA-2016-73]

An attacker can bypass security features via Form Input, in order to obtain sensitive information. [severity:2/4; CVE-2016-5260, MFSA-2016-74]

An attacker can generate an integer overflow via WebSockets, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5261, MFSA-2016-75]

An attacker can trigger a Cross Site Scripting via Marquee, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-5262, MFSA-2016-76]

An attacker can generate a buffer overflow via ClearKey Content Decryption Module, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2837, MFSA-2016-77, ZDI-16-673]

An attacker can generate a memory corruption via Display Transformation, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5263, MFSA-2016-78]

An attacker can force the usage of a freed memory area via SVG Effects, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5264, MFSA-2016-79]

An attacker can bypass the origin check via Saved Shortcut File, in order to access to victim's data. [severity:2/4; CVE-2016-5265, MFSA-2016-80]

An attacker can bypass security features via Drag And Drop, in order to obtain sensitive information. [severity:2/4; CVE-2016-5266, MFSA-2016-81]

An attacker can alter displayed information via Right-to-left Characters, in order to deceive the victim. [severity:2/4; CVE-2016-5267, MFSA-2016-82]

An attacker can alter displayed information via Internal Error Pages, in order to deceive the victim. [severity:1/4; CVE-2016-5268, MFSA-2016-83]

An attacker can bypass security features via Resource Timing API, in order to obtain sensitive information. [severity:2/4; CVE-2016-5250, MFSA-2016-84]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-2180

OpenSSL: out-of-bounds memory reading via TS_OBJ_print_bio

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2016.
Identifiers: 1359615, 1996096, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2180, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10215, SOL02652550, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20286.

Description of the vulnerability

The OpenSSL product implements the RFC 3161 Public Key Infrastructure Time-Stamp Protocol.

However, the TS_OBJ_print_bio() function tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-3237 CVE-2015-7182 CVE-2016-1181

Oracle Fusion Middleware: vulnerabilities of July 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Impacted products: WebSphere AS Traditional, Oracle Communications, Oracle Directory Server, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Portal, Solaris, Oracle TopLink, WebLogic.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 22.
Creation date: 20/07/2016.
Identifiers: 7014463, cpuapr2019, cpujul2016, cpuoct2018, CVE-2015-3237, CVE-2015-7182, CVE-2016-1181, CVE-2016-1548, CVE-2016-2107, CVE-2016-3432, CVE-2016-3433, CVE-2016-3445, CVE-2016-3446, CVE-2016-3474, CVE-2016-3482, CVE-2016-3487, CVE-2016-3499, CVE-2016-3502, CVE-2016-3504, CVE-2016-3510, CVE-2016-3544, CVE-2016-3564, CVE-2016-3586, CVE-2016-3607, CVE-2016-3608, CVE-2016-5019, CVE-2016-5477, VIGILANCE-VUL-20164, ZDI-16-441, ZDI-16-442, ZDI-16-443, ZDI-16-444.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability via Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-7182]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3607, ZDI-16-442]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3510, ZDI-16-443]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3586, ZDI-16-441]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3499, ZDI-16-444]

An attacker can use a vulnerability via Oracle JDeveloper, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3504, CVE-2016-5019]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3446]

An attacker can use a vulnerability via Oracle Portal, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1181]

An attacker can use a vulnerability via Oracle TopLink, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3564]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3487]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:3/4; CVE-2016-3544]

An attacker can use a vulnerability via Oracle Exalogic Infrastructure, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1548]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2015-3237]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-3502]

An attacker can use a vulnerability via Oracle Access Manager, in order to obtain information. [severity:2/4; CVE-2016-2107]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-3608]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-5477]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain or alter information. [severity:2/4; CVE-2016-3432]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:2/4; CVE-2016-3433]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2016-3445]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain information. [severity:1/4; CVE-2016-3474]

An attacker can use a vulnerability via Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2016-3482]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-3092

Apache Tomcat: denial of service via FileUpload

Synthesis of the vulnerability

An attacker can send files of a specially chosen size to Apache Tomcat, in order to overload the server.
Impacted products: Tomcat, Debian, Fedora, HP-UX, Domino, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Percona Server, Puppet, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 22/06/2016.
Identifiers: 1987864, 1989628, 1990172, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992835, 1995388, 1995793, 2000095, 2000544, 2001563, 2012109, 2015814, 7014463, bulletinjul2016, c05324759, cpuapr2017, cpuapr2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-3092, DLA-528-1, DLA-529-1, DSA-3609-1, DSA-3611-1, DSA-3614-1, FEDORA-2016-0a4dccdd23, FEDORA-2016-2b0c16fd82, HPSBUX03665, openSUSE-SU-2016:2252-1, RHSA-2016:2068-01, RHSA-2016:2069-01, RHSA-2016:2070-01, RHSA-2016:2071-01, RHSA-2016:2072-01, RHSA-2016:2599-02, RHSA-2016:2807-01, RHSA-2016:2808-01, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, SUSE-SU-2017:1660-1, USN-3024-1, USN-3027-1, VIGILANCE-VUL-19953.

Description of the vulnerability

The Apache Tomcat product uses a slightly fork of the Apache Commons FileUpload library.

This library is used to receive files from an HTTP client to the server. However, when the file size is such that the size of the MIME envelope (file content + MIME headers) is equal to the size of the file reading buffer, the transfer requires an extremely long duration.

An attacker can therefore send files of a specially chosen size to Apache Tomcat, in order to overload the server.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-2177

OpenSSL: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 09/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000209, 2000544, 2001805, 2002770, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2177, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03763, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10165, SB10215, SOL23873366, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3181-1, VIGILANCE-VUL-19855.

Description of the vulnerability

The source code of OpenSSL includes many loops where a pointer is used to go through a buffer.

The definition of the C language allows a pointer to be off by one byte after the buffer, but the behavior of any further access is undefined. Several end of loop tests follows the forme "pointer + current data length > end pointer" in such a way that these 2 expressions are not always defined according to the language specification. An attacker which can control dynamic memory allocations can trigger evaluation of undefined conditions and perhaps invalid memory access.

An attacker can therefore force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2178

OpenSSL: DSA signature not running in constant time

Synthesis of the vulnerability

An attacker can monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 07/06/2016.
Revision date: 08/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000544, 2003480, 2003620, 2003673, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2178, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10215, SOL53084033, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-19820.

Description of the vulnerability

OpenSSL includes an implementation of the DSA algorithm.

The BN_FLG_CONSTTIME flag requires this operation to be performed in constant time, in order to block attacks watching the process. However, the dsa_sign_setup() function of the lib/libssl/src/crypto/dsa/dsa_ossl.c file does not correctly initialize the BN_FLG_CONSTTIME flag.

An attacker can therefore monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-5300

expat: denial of service via hash collision

Synthesis of the vulnerability

An attacker can trigger collisions in hash tables, in order to reduce performances of applications using expat.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Tuxedo, WebLogic, Python, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/06/2016.
Identifiers: 1990421, 1990658, CERTFR-2018-AVI-288, cpujul2018, CVE-2016-5300, DLA-508-1, DSA-3597-1, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, K70938105, openSUSE-SU-2017:0483-1, SOL70938105, SSA:2016-359-01, SSA:2018-124-01, TNS-2018-08, USN-3010-1, USN-3013-1, VIGILANCE-VUL-19836.

Description of the vulnerability

An attacker can trigger collisions in hash tables, in order to reduce performances of applications using expat. The origin vulnerability is described in VIGILANCE-VUL-11420.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-2834

Mozilla NSS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Security Directory Server, QRadar SIEM, NSS, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/06/2016.
Identifiers: 1206283, 1221620, 1241034, 1241037, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000347, CERTFR-2016-AVI-193, cpujul2017, cpuoct2017, CVE-2016-2834, DLA-527-1, DSA-3688-1, MFSA-2016-61, openSUSE-SU-2016:1552-1, openSUSE-SU-2016:1557-1, RHSA-2016:2779-01, SA137, SOL15479471, SUSE-SU-2016:1691-1, SUSE-SU-2016:1799-1, SUSE-SU-2016:2061-1, SUSE-SU-2016:2195-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SYMSA1391, USN-3029-1, VIGILANCE-VUL-19835.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-1181 CVE-2016-1182

Apache Struts 1: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Struts 1.
Impacted products: Struts, Fedora, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, IBM WebSphere ESB, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/06/2016.
Identifiers: 1985995, 1989496, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1995383, 2000544, 2016214, 7014463, cpuapr2017, cpuapr2019, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2016-1181, CVE-2016-1182, FEDORA-2016-21bd6a33af, FEDORA-2016-d717fdcf74, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, JVN#03188560, JVN#65044642, swg22017525, VIGILANCE-VUL-19829.

Description of the vulnerability

Several vulnerabilities were announced in Apache Struts 1.

An attacker can use a vulnerability via ActionForm, in order to run code. [severity:3/4; CVE-2016-1181, JVN#03188560]

An attacker can trigger a Cross Site Scripting via Validator, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-1182, JVN#65044642]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-0718

Expat: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes, Security Directory Server, WebSphere AS Traditional, openSUSE, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/05/2016.
Identifiers: 1988026, 1990421, 1990658, 2000347, bulletinjul2016, CERTFR-2018-AVI-288, cpujul2018, CVE-2016-0718, DSA-3582-1, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, HT206903, K52320548, openSUSE-SU-2016:1441-1, openSUSE-SU-2016:1523-1, RHSA-2016:2824-01, SSA:2016-359-01, SSA:2017-266-02, SSA:2018-124-01, SUSE-SU-2016:1508-1, SUSE-SU-2016:1512-1, TNS-2016-11, TNS-2018-08, USN-2983-1, USN-3013-1, VIGILANCE-VUL-19644.

Description of the vulnerability

An attacker can generate a buffer overflow of Expat, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle WebLogic Server: