Computer vulnerabilities of QRadar SIEM

WebSphere MQ 7.5: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WebSphere MQ.
Impacted products: QRadar SIEM, WebSphere MQ.
Severity: 2/4.
Creation date: 20/05/2015.
Identifiers: 1699549, 2015824, 7038184, CVE-2015-0176, CVE-2015-0189, IT03667, IT03865, IT05513, IT05869, VIGILANCE-VUL-16947.

Description of the vulnerability

Several vulnerabilities were announced in WebSphere MQ.

An unknown vulnerability was announced. [severity:2/4; IT03667]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1699549, CVE-2015-0176, IT03865]

An unknown vulnerability was announced in MQTT, which generates XR028002 and XR071003. [severity:2/4; IT05513]

An unknown vulnerability was announced. [severity:2/4; CVE-2015-0189, IT05869]

docker: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in docker.
Impacted products: QRadar SIEM, openSUSE.
Severity: 2/4.
Creation date: 19/05/2015.
Identifiers: 2004947, CVE-2015-3627, CVE-2015-3629, CVE-2015-3630, CVE-2015-3631, openSUSE-SU-2015:0905-1, VIGILANCE-VUL-16942.

Description of the vulnerability

Several vulnerabilities were announced in docker.

An attacker can bypass access restrictions, in order to read or alter data. [severity:2/4; CVE-2015-3630]

An attacker can bypass access restrictions, in order to read or alter data. [severity:2/4; CVE-2015-3631]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-3627]

A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of the application. [severity:1/4; CVE-2015-3629]

WebSphere MQ 8.0: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WebSphere MQ.
Impacted products: QRadar SIEM, WebSphere MQ.
Severity: 2/4.
Creation date: 02/03/2015.
Revision date: 21/04/2015.
Identifiers: 1699549, 2015824, CVE-2015-0176, CVE-2015-0189, IT03865, IT05869, VIGILANCE-VUL-16290.

Description of the vulnerability

Several vulnerabilities were announced in WebSphere MQ.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1699549, CVE-2015-0176, IT03865]

An unknown vulnerability was announced. [severity:2/4; CVE-2015-0189, IT05869]

Spring Framework: directory traversal of MVC ResourceHttpRequestHandler

Synthesis of the vulnerability

An attacker can traverse directories in MVC ResourceHttpRequestHandler.java of Spring Framework, in order to read a file outside the service root path.
Impacted products: QRadar SIEM.
Severity: 2/4.
Creation date: 12/11/2014.
Revision date: 21/11/2014.
Identifiers: 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, CVE-2014-3625, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0236-01, RHSA-2015:0720-01, SPR-12354, VIGILANCE-VUL-15633.

Description of the vulnerability

The org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java file of Spring Framework is used via "<mvc:resources>" for example.

However, user-supplied data is inserted directly into a file access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories in MVC ResourceHttpRequestHandler.java of Spring Framework, in order to read a file outside the service root path.

Linux kernel: denial of service via do_umount

Synthesis of the vulnerability

An attacker can unmount a file system on the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, QRadar SIEM, Linux, MBS, openSUSE, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 09/10/2014.
Identifiers: 2011746, CERTFR-2014-AVI-495, CVE-2014-7975, FEDORA-2014-13020, FEDORA-2014-13045, MDVSA-2014:201, openSUSE-SU-2014:1677-1, RHSA-2017:1842-01, RHSA-2017:2077-01, USN-2415-1, USN-2416-1, USN-2417-1, USN-2418-1, USN-2419-1, USN-2420-1, USN-2421-1, VIGILANCE-VUL-15457.

Description of the vulnerability

The umount() call is used to unmount a file system.

However, the do_umount() function of the fs/namespace.c file does not check whether the user has the CAP_SYS_ADMIN privilege before allowing the file system to be unmounted.

An attacker can therefore unmount a file system on the Linux kernel, in order to trigger a denial of service.

Linux kernel: infinite loop of pivot_root

Synthesis of the vulnerability

An attacker can generate an infinite loop in the pivot_root() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, QRadar SIEM, Linux, MBS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 09/10/2014.
Identifiers: 2011746, CERTFR-2014-AVI-495, CERTFR-2014-AVI-528, CERTFR-2015-AVI-081, CVE-2014-7970, FEDORA-2014-13020, FEDORA-2014-13045, MDVSA-2014:230, RHSA-2017:1842-01, RHSA-2017:2077-01, SUSE-SU-2015:0581-1, SUSE-SU-2015:0736-1, USN-2419-1, USN-2420-1, USN-2447-1, USN-2447-2, USN-2448-1, USN-2448-2, USN-2513-1, USN-2514-1, VIGILANCE-VUL-15455.

Description of the vulnerability

The pivot_root() system call changes the file system root for the current process.

However, if it is called with pivot_root(".", "."), when located outside the chroot, a loop occurs.

An attacker can therefore generate an infinite loop in the pivot_root() function of the Linux kernel, in order to trigger a denial of service.

Apache HttpComponents HttpClient: erroneous certificate validation

Synthesis of the vulnerability

An attacker can create an SSL certificate which will be wrongly validated by Apache HttpComponents HttpClient, in order to capture traffic and bypass encryption.
Impacted products: Apache HttpClient, Fedora, HPE NNMi, QRadar SIEM, WebSphere AS Traditional, RHEL, JBoss EAP by Red Hat, Ubuntu.
Severity: 1/4.
Creation date: 18/08/2014.
Identifiers: 2015815, 7036319, c05103564, CVE-2014-3577, FEDORA-2014-9539, FEDORA-2014-9581, FEDORA-2014-9617, FEDORA-2014-9629, HPSBMU03584, RHSA-2014:1082-01, RHSA-2014:1146-01, RHSA-2014:1162-01, RHSA-2014:1163-01, RHSA-2014:1166-01, RHSA-2014:1320-01, RHSA-2014:1321-01, RHSA-2014:1322-01, RHSA-2014:1323-01, RHSA-2014:1833-01, RHSA-2014:1834-01, RHSA-2014:1835-01, RHSA-2014:1836-01, RHSA-2014:1891-01, RHSA-2014:1892-01, RHSA-2014:1904-01, RHSA-2014:2019-01, RHSA-2014:2020-01, RHSA-2015:0125-01, RHSA-2015:0158-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:0850-01, RHSA-2015:0851-01, RHSA-2015:1009, RHSA-2015:1176-01, RHSA-2015:1177-01, RHSA-2016:1931-01, USN-2769-1, VIGILANCE-VUL-15198.

Description of the vulnerability

The HttpClient library can manage HTTP connections over SSL.

In order to authenticate a server, the client must check the certificate (cryptographic signatures, validity date range, etc.) and also that the received certificate matches the visited server. This check is usually done on DNS names, or sometimes on IP addresses. However, instead of checking the exact subjectAltName field or, for compatibility, the commonName field, the library looks for a substring that matches the targeted server name.

This vulnerability is a variant of VIGILANCE-VUL-12182.

An attacker can therefore create an SSL certificate which will be wrongly validated by Apache HttpComponents HttpClient, in order to capture traffic and bypass encryption.
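
The difference between substring matching and exact field matching, as an added Python example (not HttpClient's code; the certificate records, host names and function names are constructed for illustration). It goes slightly beyond the text by also handling a wildcard in the left-most label.

```python
# Added illustration: constructed certificate records, not parsed X.509 and
# not HttpClient code. Each record holds the subject as (attribute, value)
# pairs and the subjectAltName dNSName entries.
GOOD = {"subject": [("O", "Example Corp"), ("CN", "www.example.com")],
        "san_dns": ["www.example.com"]}
NAME_IN_OTHER_FIELD = {"subject": [("O", "www.example.com"), ("CN", "other.test")],
                       "san_dns": []}
LONGER_NAME = {"subject": [("CN", "www.example.com.other.test")], "san_dns": []}
SAN_DIFFERS = {"subject": [("CN", "www.example.com")],
               "san_dns": ["api.example.com"]}
WILDCARD = {"subject": [("CN", "ignored.test")], "san_dns": ["*.example.com"]}


def substring_match(cert, host):
    """Flawed check: look for the host name anywhere in the subject text."""
    subject_text = ",".join(f"{attr}={value}" for attr, value in cert["subject"])
    return host.lower() in subject_text.lower()


def _name_matches(pattern, host):
    """Compare label by label; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def exact_field_match(cert, host):
    """Strict check: subjectAltName entries, or commonName only if there are none."""
    names = cert["san_dns"]
    if not names:
        names = [value for attr, value in cert["subject"] if attr == "CN"]
    return any(_name_matches(name, host) for name in names)


def compare(host="www.example.com"):
    """Return {record name: (substring result, exact result)} for the samples."""
    samples = {"GOOD": GOOD, "NAME_IN_OTHER_FIELD": NAME_IN_OTHER_FIELD,
               "LONGER_NAME": LONGER_NAME, "SAN_DIFFERS": SAN_DIFFERS,
               "WILDCARD": WILDCARD}
    return {name: (substring_match(c, host), exact_field_match(c, host))
            for name, c in samples.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20} substring={result[0]!s:5} exact={result[1]}")
```

Every record where the two results disagree is a certificate the substring check would have judged differently from a strict verifier, which is a useful regression set when testing a client's hostname verification.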

Python: buffer overflow of sock_recvfrom_into

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the sock_recvfrom_into() function of Python, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, QRadar SIEM, MBS, MES, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, XtraDB Cluster, Python, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 14/02/2014.
Identifiers: 2004947, 20246, CERTFR-2014-AVI-244, cpujul2017, CVE-2014-1912, DSA-2880-1, FEDORA-2014-2394, FEDORA-2014-2418, MDVSA-2014:041, MDVSA-2015:075, MDVSA-2015:076, openSUSE-SU-2014:0380-1, openSUSE-SU-2014:0498-1, openSUSE-SU-2014:0518-1, openSUSE-SU-2014:0597-1, openSUSE-SU-2014:1734-1, RHSA-2015:1064-01, RHSA-2015:1330-01, USN-2125-1, VIGILANCE-VUL-14258.

Description of the vulnerability

The Python socket module provides the socket.recvfrom_into() function, which receives data from a network socket and stores it in an array.

However, if the size of network data is greater than the size of the storage array, an overflow occurs in the sock_recvfrom_into() function.

An attacker can therefore generate a buffer overflow in the sock_recvfrom_into() function of Python, in order to trigger a denial of service, and possibly to execute code.

Apache Tomcat: denial of service via Apache Commons FileUpload

Synthesis of the vulnerability

An attacker can use a long Content-Type header to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, Domino, MBS, ePO, openSUSE, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Creation date: 06/02/2014.
Revision date: 13/02/2014.
Identifiers: 1667254, 1676656, 1680564, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2015814, BID-65400, c05324755, CERTFR-2014-AVI-200, CERTFR-2014-AVI-282, CERTFR-2014-AVI-368, CERTFR-2014-AVI-382, cpuoct2016, CVE-2014-0050, DSA-2856-1, DSA-2897-1, FEDORA-2014-2175, FEDORA-2014-2183, HPSBGN03669, MDVSA-2014:056, MDVSA-2015:084, openSUSE-SU-2014:0527-1, openSUSE-SU-2014:0528-1, RHSA-2014:0252-01, RHSA-2014:0253-01, RHSA-2014:0373-01, RHSA-2014:0400-03, RHSA-2014:0401-02, RHSA-2014:0429-01, RHSA-2014:0452-01, RHSA-2014:0459-01, RHSA-2014:0473-01, RHSA-2014:0525-01, RHSA-2014:0526-01, RHSA-2014:0527-01, RHSA-2014:0528-01, RHSA-2015:1009, SB10079, SOL15189, SUSE-SU-2014:0548-1, USN-2130-1, VIGILANCE-VUL-14183, VMSA-2014-0007, VMSA-2014-0007.1, VMSA-2014-0007.2, VMSA-2014-0008, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Commons FileUpload component manages the file upload feature. It is included in Apache Tomcat.

The HTTP Content-Type header indicates the type of the request body. However, if the size of this header is larger than 4091 bytes, the fileupload/MultipartStream.java class indefinitely tries to store data in an array which is too short.

An attacker can therefore use a long Content-Type header to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.

Apache HttpComponents HttpClient: obtaining proxy password

Synthesis of the vulnerability

When HttpClient connects to a proxy requiring an authentication, the login and password are sent to the remote server.
Impacted products: Apache HttpClient, Fedora, QRadar SIEM.
Severity: 2/4.
Creation date: 21/03/2011.
Identifiers: 2015815, BID-46974, CVE-2011-1498, FEDORA-2011-7747, VIGILANCE-VUL-10465, VU#153049.

Description of the vulnerability

The Apache HttpComponents HttpClient product implements the HTTP protocol.

HTTP authentication uses:
 - the Authorization header to authenticate to a remote server
 - the Proxy-Authorization header to authenticate to the intermediate proxy

When SSL (https) is used, the Proxy-Authorization header is used to request that the proxy open a session to the remote server. However, HttpClient also adds the Proxy-Authorization header to the HTTP session tunneled by SSL. The remote server thus receives the login and the password of the proxy.

When HttpClient connects to a proxy requiring an authentication, the login and password are therefore sent to the remote server.