The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat JBoss Enterprise Application Platform

vulnerability announce CVE-2012-0874 CVE-2013-4810

JBoss AS 4, 5: code execution via Invoker

Synthesis of the vulnerability

An attacker can use EJBInvokerServlet / JMXInvokerServlet of JBoss AS 4/5, in order to deploy a shell code, which is executed on the server.
Impacted products: JBoss AS OpenSource, RHEL, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/11/2013.
Identifiers: 795645, BID-57552, CVE-2012-0874, CVE-2013-4810, RHSA-2013:0191-01, RHSA-2013:0192-01, RHSA-2013:0193-01, RHSA-2013:0194-01, RHSA-2013:0195-01, RHSA-2013:0196-01, RHSA-2013:0197-01, RHSA-2013:0198-01, RHSA-2013:0221-01, RHSA-2013:0533-01, VIGILANCE-VUL-13802.

Description of the vulnerability

In versions 4 and 5 of JBoss AS, the HTTP Invoker service is used to access to EJB (Enterprise Java Beans) via RMI/HTTP.

However, access to the EJBInvokerServlet and JMXInvokerServlet servlets does not require an authentication by default.

An attacker can therefore use EJBInvokerServlet / JMXInvokerServlet of JBoss AS 4/5, in order to deploy a shell code, which is executed on the server.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2013-3829 CVE-2013-4002 CVE-2013-5772

Oracle Java: multiple vulnerabilities of October 2013

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, DB2 UDB, Domino, Notes, Tivoli System Automation, WebSphere MQ, ePO, Java OpenJDK, openSUSE, Java Oracle, Puppet, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 51.
Creation date: 16/10/2013.
Identifiers: 1663589, 1663930, 1664550, 1670264, 1671933, BID-63079, BID-63082, BID-63089, BID-63095, BID-63098, BID-63101, BID-63102, BID-63103, BID-63106, BID-63110, BID-63111, BID-63112, BID-63115, BID-63118, BID-63120, BID-63121, BID-63122, BID-63124, BID-63126, BID-63127, BID-63128, BID-63129, BID-63130, BID-63131, BID-63132, BID-63133, BID-63134, BID-63135, BID-63136, BID-63137, BID-63139, BID-63140, BID-63141, BID-63142, BID-63143, BID-63144, BID-63145, BID-63146, BID-63147, BID-63148, BID-63149, BID-63150, BID-63151, BID-63152, BID-63153, BID-63154, BID-63155, BID-63156, BID-63157, BID-63158, c04031205, c04031212, CERTA-2013-AVI-586, CERTFR-2014-AVI-117, CERTFR-2014-AVI-199, cpuoct2013, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854, FEDORA-2013-19285, FEDORA-2013-19338, HPSBUX02943, HPSBUX02944, MDVSA-2013:266, MDVSA-2013:267, openSUSE-SU-2013:1663-1, openSUSE-SU-2013:1968-1, RHSA-2013:1440-01, RHSA-2013:1447-01, RHSA-2013:1451-01, RHSA-2013:1505-01, RHSA-2013:1507-01, RHSA-2013:1508-01, RHSA-2013:1509-01, RHSA-2013:1793-01, RHSA-2014:1319-01, RHSA-2014:1818-01, RHSA-2014:1821-01, RHSA-2014:1822-01, RHSA-2014:1823-01, RHSA-2015:0269-01, RHSA-2015:0675-01, RHSA-2015:0773-01, SB10058, SE-2012-01, SOL16872, SOL48802597, SUSE-SU-2013:1666-1, SUSE-SU-2013:1669-1, SUSE-SU-2013:1677-2, SUSE-SU-2013:1677-3, VIGILANCE-VUL-13601, VMSA-2014-0002, ZDI-13-244, ZDI-13-245, ZDI-13-246, ZDI-13-247, ZDI-13-248.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63103, CVE-2013-5782]

An attacker can use a vulnerability of Libraries via LDAP Deserialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63121, CVE-2013-5830, ZDI-13-248]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63118, CVE-2013-5809]

An attacker can use a vulnerability of 2D via FileImageInputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63137, CVE-2013-5829, ZDI-13-247]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63143, CVE-2013-5814]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63139, CVE-2013-5824]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63145, CVE-2013-5788]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63155, CVE-2013-5787]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63156, CVE-2013-5789]

An attacker can use a vulnerability of JNDI via LdapCtx, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63146, CVE-2013-5817, ZDI-13-244]

An attacker can use a vulnerability of Libraries via ObjectOutputStream, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63150, CVE-2013-5842, ZDI-13-246]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63151, CVE-2013-5843]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63158, CVE-2013-5832]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63153, CVE-2013-5850]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63131, CVE-2013-5838]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63112, CVE-2013-5805]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63122, CVE-2013-5806]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63127, CVE-2013-5846]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63132, CVE-2013-5810]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63136, CVE-2013-5844]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63140, CVE-2013-5777]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63130, CVE-2013-5852]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63135, CVE-2013-5802]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63144, CVE-2013-5775]

An attacker can use a vulnerability of Javadoc, in order to obtain or alter information. [severity:3/4; BID-63149, CVE-2013-5804]

An attacker can use a vulnerability of Deployment, in order to obtain information, or to trigger a denial of service. [severity:3/4; BID-63126, CVE-2013-5812]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:3/4; BID-63120, CVE-2013-3829]

An attacker can use a vulnerability of Swing NumberFormatter and RealTimeSequencer, in order to obtain or alter information. [severity:3/4; BID-63154, CVE-2013-5783, ZDI-13-245]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; BID-63101, CVE-2013-5825]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2013-4002]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; BID-63110, CVE-2013-5823]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63134, CVE-2013-5778]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-63147, CVE-2013-5801]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63152, CVE-2013-5776]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63157, CVE-2013-5818]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63141, CVE-2013-5819]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63129, CVE-2013-5831]

An attacker can use a vulnerability of JAX-WS, in order to alter information. [severity:2/4; BID-63133, CVE-2013-5820]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; BID-63142, CVE-2013-5851]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63148, CVE-2013-5840]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; BID-63128, CVE-2013-5774]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-63124, CVE-2013-5848]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-63115, CVE-2013-5780]

An attacker can use a vulnerability of JGSS, in order to obtain information. [severity:2/4; BID-63111, CVE-2013-5800]

An attacker can use a vulnerability of AWT, in order to obtain information. [severity:2/4; BID-63106, CVE-2013-5849]

An attacker can use a vulnerability of BEANS, in order to obtain information. [severity:2/4; BID-63102, CVE-2013-5790]

An attacker can use a vulnerability of SCRIPTING, in order to alter information. [severity:2/4; BID-63098, CVE-2013-5784]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:2/4; BID-63095, CVE-2013-5797]

An attacker can use a vulnerability of jhat, in order to alter information. [severity:1/4; BID-63089, CVE-2013-5772]

An attacker can use a vulnerability of JGSS, in order to trigger a denial of service. [severity:1/4; BID-63082, CVE-2013-5803]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:1/4; BID-63079, CVE-2013-5854]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2013-1896

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.
Impacted products: Apache httpd, Fedora, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 15/07/2013.
Identifiers: BID-61129, c03922406, CERTA-2013-AVI-435, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2013-1896, FEDORA-2013-13922, FEDORA-2013-13994, HPSBUX02927, JSA10685, MDVSA-2013:193, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1156-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-218-02, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-13117.

Description of the vulnerability

The mod_dav (DAV, Distributed Authoring and Versioning) module can be installed in Apache HTTP Server.

The MERGE command of mod_dav_svn applies differences between two Subversion information sources. However, if this command indicates an URI which is not configured for DAV, a segmentation fault occurs in mod_dav.

An attacker can therefore send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-1862

Apache httpd 2.2: character injection via mod_rewrite

Synthesis of the vulnerability

An attacker can use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them in the log file.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 14/05/2013.
Identifiers: BID-59826, c03922406, CERTA-2013-AVI-332, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-502, CERTFR-2015-AVI-286, CVE-2013-1862, HPSBUX02927, JSA10685, MDVSA-2013:174, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:0815-01, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SOL15877, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-12790.

Description of the vulnerability

The mod_rewrite module of Apache httpd is used to edit queries. The RewriteLog directive of Apache 2.2 indicates the filename where to log performed modifications.

However, special characters contained in the client name, the username and the free text are not filtered.

An attacker can therefore use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them in the log file.

If the attacker injects ANSI escape sequences, they are then interpreted when the administrator displays log files in a shell terminal.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2012-4558

Apache httpd: Cross Site Scripting of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, NSMXpress, Mandriva Linux, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.

Description of the vulnerability

The Apache httpd mod_proxy_balancer module is used to balance the load between several mod_proxy services.

However, the manager interface of this module does not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, HP-UX, NSMXpress, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can use several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger several Cross Site Scripting in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2013-1821

Ruby: denial of service of REXML via entities

Synthesis of the vulnerability

An attacker can transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 22/02/2013.
Identifiers: BID-58141, bulletinjul2015, CVE-2013-1821, DSA-2738-1, DSA-2809-1, FEDORA-2013-3037, FEDORA-2013-3038, MDVSA-2013:124, MDVSA-2013:200, openSUSE-SU-2013:0603-1, openSUSE-SU-2013:0614-1, RHSA-2013:0611-01, RHSA-2013:0612-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, SUSE-SU-2014:0843-1, SUSE-SU-2014:0844-1, VIGILANCE-VUL-12456.

Description of the vulnerability

The Ruby REXML parser processes XML data.

An XML entity (such as "&abc;") is used to define an alias of a text string.

However, if the same large entity is called several thousand times in an XML document, REXML consumes numerous resources to store the XML tree.

An attacker can therefore transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2013-0269

Ruby: denial of service via JSON

Synthesis of the vulnerability

An attacker can use JSON data, in order to force a Ruby application to progressively use all its memory.
Impacted products: Fedora, openSUSE, RHEL, JBoss EAP by Red Hat, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 22/02/2013.
Identifiers: CVE-2013-0269, FEDORA-2013-3050, FEDORA-2013-3052, openSUSE-SU-2013:0603-1, RHSA-2013:0686-01, RHSA-2013:0698-01, RHSA-2013:0699-01, RHSA-2013:0701-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, VIGILANCE-VUL-12455.

Description of the vulnerability

The JSON format is used to represent a data structure, using text.

However, memory areas used to store data are never freed.

An attacker can therefore use JSON data, in order to force a Ruby application to progressively use all its memory.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2013-0169

OpenSSL: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in mode CBC, and measure the delay before the error message reception, in order to progressively guess the clear content of the session.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, ePO, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 12/02/2013.
Identifiers: 1643316, c03710522, c03883001, CERTA-2013-AVI-454, CVE-2013-0169, DSA-2621-1, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10759, Lucky 13, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0416-01, SB10041, SSA:2013-042-01, SSRT101104, SSRT101289, SUSE-SU-2014:0320-1, VIGILANCE-VUL-12394, VMSA-2013-0009.

Description of the vulnerability

The bulletin VIGILANCE-VUL-12374 describes a vulnerability of TLS/DTLS.

For OpenSSL, the solution VIGILANCE-SOL-28668 corrected this vulnerability. However, this solution was not complete.

An attacker can therefore still inject wrongly encrypted messages in a TLS/DTLS session in mode CBC, and measure the delay before the error message reception, in order to progressively guess the clear content of the session.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-0166

OpenSSL: denial of service via OCSP

Synthesis of the vulnerability

An attacker can setup a malicious OCSP server, in order to stop OpenSSL applications which connect.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, McAfee Email and Web Security, ePO, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 05/02/2013.
Identifiers: 1643316, BID-57755, BID-60268, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-387, CERTA-2013-AVI-454, CERTFR-2014-AVI-112, CVE-2013-0166, DSA-2621-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10580, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, sol14261, SSA:2013-040-01, SSRT101104, SSRT101289, VIGILANCE-VUL-12378, VMSA-2013-0006.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2.

Description of the vulnerability

The OCSP (Online Certificate Status Protocol) extension checks the validity of certificates.

The OCSP_basic_verify() function of the crypto/ocsp/ocsp_vfy.c file decodes the received OCSP reply. However, if the key is empty, a NULL pointer is dereferenced.

An attacker can therefore setup a malicious OCSP server, in order to stop OpenSSL applications which connect.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about RedHat JBoss Enterprise Application Platform: