The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Java System Web Proxy Server

vulnerability bulletin CVE-2013-2186 CVE-2014-1568 CVE-2014-1569

Oracle Fusion: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2015.
Impacted products: WebSphere AS Traditional, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 39.
Creation date: 15/07/2015.
Identifiers: 1962107, cpujul2015, CVE-2013-2186, CVE-2014-1568, CVE-2014-1569, CVE-2014-3566, CVE-2014-3567, CVE-2014-3571, CVE-2014-7809, CVE-2015-0286, CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-1926, CVE-2015-2593, CVE-2015-2598, CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, CVE-2015-2623, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-2658, CVE-2015-4742, CVE-2015-4744, CVE-2015-4745, CVE-2015-4747, CVE-2015-4751, CVE-2015-4758, CVE-2015-4759, VIGILANCE-VUL-17373.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-2186]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4745]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2603]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2602]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2604]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2605]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2606]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle OpenSSO, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Traffic Director, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain or alter information. [severity:3/4; CVE-2015-2593]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:3/4; CVE-2014-3567]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0443]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0444]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0445]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0446]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4759]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4758]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2634]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2635]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2636]

An attacker can use a vulnerability of Oracle Event Processing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4747]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain or alter information. [severity:2/4; CVE-2015-1926]

An attacker can use a vulnerability of Oracle Access Manager, in order to trigger a denial of service. [severity:2/4; CVE-2015-4751]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Oracle JDeveloper, in order to trigger a denial of service. [severity:2/4; CVE-2015-4742]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Web Cache, in order to obtain information. [severity:2/4; CVE-2015-2658]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Tuxedo, in order to obtain information. [severity:2/4; CVE-2014-3566]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to alter information. [severity:2/4; CVE-2015-2598]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:1/4; CVE-2015-4744]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:1/4; CVE-2015-4744]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-4286 CVE-2013-4545 CVE-2014-0050

Oracle Fusion: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in April 2015.
Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 13.
Creation date: 15/04/2015.
Identifiers: cpuapr2015, CVE-2013-4286, CVE-2013-4545, CVE-2014-0050, CVE-2014-0112, CVE-2014-1568, CVE-2014-3571, CVE-2015-0235, CVE-2015-0449, CVE-2015-0450, CVE-2015-0451, CVE-2015-0456, CVE-2015-0461, CVE-2015-0482, VIGILANCE-VUL-16610.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0235]

An attacker can use a vulnerability of Oracle GlassFish Server, Oracle iPlanet Web Proxy Server or Oracle iPlanet Web Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain or alter information. [severity:3/4; CVE-2015-0461]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0482]

An attacker can use a vulnerability of Oracle GoldenGate Monitor, in order to obtain or alter information. [severity:2/4; CVE-2013-4286]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to alter information. [severity:2/4; CVE-2014-0112]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to trigger a denial of service. [severity:2/4; CVE-2014-0050]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2015-0449]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2013-4545]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2015-0456]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2015-0450]

An attacker can use a vulnerability of Oracle OpenSSO, in order to obtain information. [severity:2/4; CVE-2015-0451]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2013-1620 CVE-2013-1739 CVE-2013-1740

Oracle Fusion: several vulnerabilities of July 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2014.
Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 26.
Creation date: 16/07/2014.
Identifiers: CERTFR-2014-AVI-313, cpujul2014, CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5855, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-2479, CVE-2014-2480, CVE-2014-2481, CVE-2014-2493, CVE-2014-4201, CVE-2014-4202, CVE-2014-4210, CVE-2014-4211, CVE-2014-4212, CVE-2014-4217, CVE-2014-4222, CVE-2014-4241, CVE-2014-4242, CVE-2014-4249, CVE-2014-4251, CVE-2014-4253, CVE-2014-4254, CVE-2014-4255, CVE-2014-4256, CVE-2014-4257, CVE-2014-4267, VIGILANCE-VUL-15052.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

Several vulnerabilities impact NSS (VIGILANCE-VUL-13598, VIGILANCE-VUL-13789, VIGILANCE-VUL-14099, VIGILANCE-VUL-14456) in Oracle GlassFish Server, Oracle iPlanet Web Proxy Server and Oracle iPlanet Web Server. [severity:3/4; CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:3/4; CVE-2014-4257]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2481]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2480]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4255]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4254]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2479]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4267]

An attacker can use a vulnerability of Oracle JDeveloper, in order to obtain information, or to trigger a denial of service. [severity:3/4; CVE-2014-2493]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2014-4256]

An attacker can use a vulnerability of BI Publisher, in order to obtain information. [severity:2/4; CVE-2014-4249]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2014-4211]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4201]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4202]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information. [severity:2/4; CVE-2014-4210]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4253]

An attacker can use a vulnerability of GlassFish Communications Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Fusion Middleware, in order to obtain information. [severity:2/4; CVE-2014-4212]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4242]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4217]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4241]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2014-4251]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2014-4222]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2007-0009 CVE-2007-1858 CVE-2012-3499

Oracle Fusion: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2014.
Impacted products: Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle Portal, Oracle Web Tier, Sun AS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64815, BID-64819, BID-64822, BID-64827, BID-64829, BID-64830, BID-64835, BID-64838, BID-64842, CERTA-2014-AVI-022, cpujan2014, CVE-2007-0009, CVE-2007-1858, CVE-2012-3499, CVE-2012-3544, CVE-2012-4605, CVE-2013-1620, CVE-2013-1654, CVE-2013-1862, CVE-2013-4316, CVE-2013-5785, CVE-2013-5808, CVE-2013-5869, CVE-2013-5900, CVE-2013-5901, CVE-2014-0374, CVE-2014-0383, CVE-2014-0391, CVE-2014-0400, VIGILANCE-VUL-14089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of Oracle Reports Developer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64819, CVE-2013-5785]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2007-0009]

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information. [severity:3/4; BID-64822, CVE-2014-0400]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2013-1862]

An attacker can use a vulnerability of Oracle Enterprise Data Quality, in order to trigger a denial of service. [severity:2/4; CVE-2012-3544]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-1654]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2012-4605]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64829, CVE-2014-0391]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:2/4; BID-64835, CVE-2013-5869]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2012-3499]

An attacker can use a vulnerability of Oracle Identity Manager, in order to alter information. [severity:2/4; BID-64838, CVE-2013-5900]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64815, CVE-2013-5901]

An attacker can use a vulnerability of Oracle Portal, in order to alter information. [severity:2/4; BID-64830, CVE-2014-0374]

An attacker can use a vulnerability of Oracle Traffic Director, Oracle iPlanet Web Server and Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64842, CVE-2014-0383]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2007-1858]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:1/4; BID-64827, CVE-2013-5808]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-3389 CVE-2012-1870

SSL, TLS: obtaining HTTPS Cookies, BEAST

Synthesis of the vulnerability

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies.
Impacted products: Asterisk Open Source, IPSO, SecurePlatform, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Domino, Mandriva Linux, IIS, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Java OpenJDK, openSUSE, Opera, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, SSL protocol, RHEL, SIMATIC, Sun AS, SUSE Linux Enterprise Desktop, SLES, Nessus.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/09/2011.
Identifiers: 2588513, 2643584, 2655992, AST-2016-001, BID-49778, BID-54304, c03122753, CERTA-2012-AVI-381, CERTFR-2016-AVI-046, CERTFR-2019-AVI-311, CVE-2004-2770-REJECT, CVE-2011-3389, CVE-2012-1870, DSA-2368-1, DSA-2398-1, DSA-2398-2, FEDORA-2012-5916, FEDORA-2012-5924, FEDORA-2012-9135, FEDORA-2014-13764, FEDORA-2014-13777, HPSBUX02730, javacpuoct2011, MDVSA-2012:058, MDVSA-2012:096, MDVSA-2012:096-1, MDVSA-2012:097, MS12-006, MS12-049, openSUSE-SU-2012:0030-1, openSUSE-SU-2012:0063-1, openSUSE-SU-2012:0199-1, openSUSE-SU-2012:0229-1, openSUSE-SU-2012:0667-1, RHSA-2012:0034-01, RHSA-2013:1455-01, RHSA-2013:1456-01, sk74100, sk86440, SOL13400, SSA-556833, SSRT100710, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, swg21568229, VIGILANCE-VUL-11014, VU#864643.

Description of the vulnerability

The SSL/TLS protocol supports CBC (Cipher Block Chaining) encryption: a clear block is "XORed" (operation Exclusive OR) with the last encrypted block, and the result is encrypted. This dependence between a block and its previous block was the subject of several theoretical studies since 2002, and led to the definition of TLS 1.1 in 2006, which uses a different algorithm.

The HTTPS "protocol", used by web browsers, encapsulates an HTTP session in a SSL/TLS session. An HTTP query is like:
  GET /abcdefg HTTP/1.0
  Headers (cookies)
  ...
This query is fragmented in blocks of 8 bytes, which are encrypted by CBC. The first block is thus "GET /abc".

An attacker can setup a malicious web site, and invite the victim to connect. This web site can request the victim's web browser to load the page "/abcdefg" of a site secured by SSL/TLS.

The attacker controls the size of the requested url (via "/abcdefg"), so he can place the first byte of headers at the end of a block (the 7 other bytes are known: "P/1.1\r\n"). This blocks follows a block which is fully known ("defg HTT"). The attacker can then capture the encrypted SSL/TLS session, and memorize the last encrypted block. This block is used as an initialization vector to compute an XOR between "defg HTT" (block 2) encrypted, and a guessed character located at the end of "P/1.1\r\n" (block 3). The result is reinjected by the attacker at the end of the HTTP query in clear text. He captures the resulting encrypted block, and if it is the same as the third encrypted block, then the guessed character was correct. The attacker repeats these queries as many times as necessary.

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can therefore use several SSL sessions in order to compute HTTP headers, such as cookies.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2010-2385

Sun Web Proxy Server: vulnerability of July 2010

Synthesis of the vulnerability

An attacker can use a vulnerability of the Administration Server of Sun Java System Web Proxy Server, in order to obtain information or to alter information.
Impacted products: Oracle iPlanet Web Proxy Server.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/07/2010.
Identifiers: BID-41618, cpujul2010, CVE-2010-2385, VIGILANCE-VUL-9762.

Description of the vulnerability

An attacker can use a vulnerability of the Administration Server of Sun Java System Web Proxy Server, in order to obtain information or to alter information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2010-0388

Sun Web Server: format string attack of WebDAV

Synthesis of the vulnerability

When WebDAV is enabled on Sun Java System Web Server, an attacker can use malicious XML data, in order to generate a format string attack, leading to a denial of service or to code execution.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 22/01/2010.
Identifiers: 275850, 6916390, BID-37910, CVE-2010-0388, VIGILANCE-VUL-9377.

Description of the vulnerability

The WebDAV extension adds the PROPFIND method to the HTTP protocol, in order to obtain properties of a path. For example:
  PROPFIND /path HTTP/1.1
  [...]
  <?xml version="1.0" encoding="iso-8859-1"?>
    <a:propfind xmlns:a="DAV:">
    <a:prop><a:getcontenttype/></a:prop>
  </a:propfind>

However, if the encoding of XML data contains format parameters, they are directly interpreted.

When WebDAV is enabled on Sun Java System Web Server, an attacker can therefore use malicious XML data, in order to generate a format string attack, leading to a denial of service or to code execution.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2010-0387

Sun Web Server: buffer overflow via Digest

Synthesis of the vulnerability

An attacker can use a long Digest authentication, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 21/01/2010.
Identifiers: 275850, 6916391, 6917212, BID-37896, CVE-2010-0387, VIGILANCE-VUL-9372.

Description of the vulnerability

When the HTTP Digest authentication is enabled on Sun Java System Web Server, it returns to the client:
  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Digest
     realm="realm@server" ...
The web browser then asks user for his login and password, then replies back with:
  Authorization: Digest username="my_user_name",
     realm="realm@server" ...

However, if data after Digest are too long, a buffer overflow occurs.

An attacker can therefore use a long Digest authentication, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2010-0361

Sun Web Server: buffer overflow via WebDAV

Synthesis of the vulnerability

When WebDAV is enabled on Sun Java System Web Server, an attacker can use a long url, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 21/01/2010.
Identifiers: 275850, 6916389, BID-37874, CVE-2010-0361, VIGILANCE-VUL-9371.

Description of the vulnerability

The WebDAV extension is used to edit files hosted on Sun Java System Web Server.

A WebDAV query for example uses the OPTIONS method of the HTTP protocol:
  OPTIONS /webdav_directory/file HTTP/1.0

However, if the file name is too long, a buffer overflow occurs.

When WebDAV is enabled on Sun Java System Web Server, an attacker can therefore use a long url, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2010-0360

Sun Web Server: memory corruption via TRACE

Synthesis of the vulnerability

An attacker can use the HTTP TRACE method, in order to overwrite or to read the memory content.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 19/01/2010.
Identifiers: 101176, 200171, 275850, 6916392, 6917211, CVE-2010-0360, VIGILANCE-VUL-9358.

Description of the vulnerability

The HTTP TRACE method is used to echo back an HTTP request, which can go through several proxies. For example:
  TRACE / HTTP/1.0
  Header1: value
  [empty line]
  HTTP/1.1 200 OK
  Connection: close
  Content-Type: message/http
  [below, the request is returned to the web client]
  TRACE / HTTP/1.0
  Header1: value
The HTTP TRACE method is enabled by default on Sun Java System Web Server.

However, if the size of header names is only one byte, an overflow occurs in Sun Java System Web Server.

This error:
 - either generates a memory corruption, leading to a denial of service or to code execution
 - either forces the web server to return to the web client data coming from its memory, which may be sensitive
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Sun Java System Web Proxy Server: