The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WebSphere Application Server Liberty

security threat CVE-2017-2583

Linux kernel: access to protected memory area under KVM

Synthesis of the vulnerability

An attacker process, inside a guest system, can set its stack segment register to 0, in order to get the kernel privileges on the host system.
Severity: 2/4.
Creation date: 19/01/2017.
Identifiers: 7043863, CERTFR-2017-AVI-042, CERTFR-2017-AVI-050, CERTFR-2017-AVI-053, CERTFR-2017-AVI-058, CERTFR-2017-AVI-060, CERTFR-2018-AVI-408, CVE-2017-2583, DSA-3791-1, FEDORA-2017-18ce368ba3, FEDORA-2017-e6012e74b6, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0906-1, RHSA-2017:1615-01, RHSA-2017:1616-01, SUSE-SU-2017:0407-1, SUSE-SU-2017:0464-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0575-1, SUSE-SU-2017:1990-1, USN-3208-1, USN-3208-2, USN-3361-1, USN-3754-1, VIGILANCE-VUL-21637.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Linux kernel product offers a heavyweight virtualization layer Kernel Virtual Machine.

The machine instruction that set the stack segment register must be emulated by KVM in order to provide separate segment tables to each guest system. However, the case of the segment number 0 is special for the processor and the emulator mishandle it. On a host having an AMD processor, the effect is to give the privilege level of the host kernel to the code of the guest process.

An attacker process, inside a guest system, can therefore set its stack segment register to 0, in order to get the kernel privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2016-1000031

Apache Commons FileUpload: read-write access

Synthesis of the vulnerability

An attacker can bypass access restrictions of Apache Commons FileUpload, in order to read or alter files.
Severity: 3/4.
Creation date: 18/10/2016.
Identifiers: 2009844, 2011428, 2011689, 528262, 7018113, 7043863, 7048591, CERTFR-2018-AVI-531, cisco-sa-20181107-struts-commons-fileupload, cpuapr2019, cpujan2019, cpujul2019, cpuoct2019, CVE-2016-1000031, DSA-2018-210, openSUSE-SU-2019:1399-1, SUSE-SU-2019:1212-2, SUSE-SU-2019:1214-1, SUSE-SU-2019:14044-1, TRA-2016-12, VIGILANCE-VUL-20892, ZDI-16-570.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several products use Apache Commons FileUpload.

However, data unserialized by the DiskFileItem class are not checked.

An attacker can therefore bypass access restrictions of Apache Commons FileUpload, in order to read or alter files.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2014-3603

OpenSAML Java: incomplete certificate validation

Synthesis of the vulnerability

An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used.
Severity: 2/4.
Creation date: 07/08/2015.
Identifiers: 964764, CVE-2014-3603, FEDORA-2015-10175, FEDORA-2015-10235, VIGILANCE-VUL-17608.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSAML Java library can manage HTTP connections over SSL, using Apache HttpClient 3 (VIGILANCE-VUL-12182).

In order to authenticate a server, the client must check the certificate (cryptographic signatures, validity date range, etc.) and also that the received certificate matches the visited server. This check is usually done on DNS names, or sometimes on IP addresses. However, HttpClient does not check that the names included in the certificates match the one requested at HTTP level. So, any valid certificate is accepted.

An attacker can therefore use any valid certificate on a malicious server, and then invite an OpenSAML Java to connect there, in order to spy communications even if encryption is used.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about WebSphere Application Server Liberty: