The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of iPlanet Application Server

computer vulnerability note CVE-2007-0009 CVE-2007-1858 CVE-2012-3499

Oracle Fusion: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2014.
Impacted products: Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle Portal, Oracle Web Tier, Sun AS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64815, BID-64819, BID-64822, BID-64827, BID-64829, BID-64830, BID-64835, BID-64838, BID-64842, CERTA-2014-AVI-022, cpujan2014, CVE-2007-0009, CVE-2007-1858, CVE-2012-3499, CVE-2012-3544, CVE-2012-4605, CVE-2013-1620, CVE-2013-1654, CVE-2013-1862, CVE-2013-4316, CVE-2013-5785, CVE-2013-5808, CVE-2013-5869, CVE-2013-5900, CVE-2013-5901, CVE-2014-0374, CVE-2014-0383, CVE-2014-0391, CVE-2014-0400, VIGILANCE-VUL-14089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of Oracle Reports Developer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64819, CVE-2013-5785]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2007-0009]

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information. [severity:3/4; BID-64822, CVE-2014-0400]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2013-1862]

An attacker can use a vulnerability of Oracle Enterprise Data Quality, in order to trigger a denial of service. [severity:2/4; CVE-2012-3544]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-1654]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2012-4605]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64829, CVE-2014-0391]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:2/4; BID-64835, CVE-2013-5869]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2012-3499]

An attacker can use a vulnerability of Oracle Identity Manager, in order to alter information. [severity:2/4; BID-64838, CVE-2013-5900]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64815, CVE-2013-5901]

An attacker can use a vulnerability of Oracle Portal, in order to alter information. [severity:2/4; BID-64830, CVE-2014-0374]

An attacker can use a vulnerability of Oracle Traffic Director, Oracle iPlanet Web Server and Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64842, CVE-2014-0383]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2007-1858]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:1/4; BID-64827, CVE-2013-5808]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2012-3155

Oracle GlassFish, Sun Java System AS: denial of service via CORBA

Synthesis of the vulnerability

An attacker can use a vulnerability of CORBA, in order to create a denial of service in Oracle GlassFish and Sun Java System Application Server.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 17/10/2012.
Identifiers: BID-56073, cpuoct2012, CVE-2012-3155, VIGILANCE-VUL-12077.

Description of the vulnerability

The CORBA (Common Object Request Broker Architecture) standard can be used by one application to use features of another application.

An attacker can use a vulnerability of CORBA, in order to create a denial of service in Oracle GlassFish and Sun Java System Application Server.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2011-3559

Glassfish Com. Server, Enterprise Server, Sun Java System AS: denial of service of Web Container

Synthesis of the vulnerability

A remote attacker can create a denial of service in Glassfish Communications Server, GlassFish Enterprise Server and Sun Java System Application Server.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 19/10/2011.
Identifiers: BID-50204, cpuoct2011, CVE-2011-3559, VIGILANCE-VUL-11076.

Description of the vulnerability

A remote attacker can create a denial of service in Glassfish Communications Server, GlassFish Enterprise Server and Sun Java System Application Server.

In order to exploit the vulnerability, the attacker uses the HTTP protocol and targets the Web Container component.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-3389 CVE-2012-1870

SSL, TLS: obtaining HTTPS Cookies, BEAST

Synthesis of the vulnerability

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies.
Impacted products: Asterisk Open Source, IPSO, SecurePlatform, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Domino, Mandriva Linux, IIS, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Java OpenJDK, openSUSE, Opera, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, SSL protocol, RHEL, Sun AS, SUSE Linux Enterprise Desktop, SLES, Nessus.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/09/2011.
Identifiers: 2588513, 2643584, 2655992, AST-2016-001, BID-49778, BID-54304, c03122753, CERTA-2012-AVI-381, CERTFR-2016-AVI-046, CVE-2004-2770-REJECT, CVE-2011-3389, CVE-2012-1870, DSA-2368-1, DSA-2398-1, DSA-2398-2, FEDORA-2012-5916, FEDORA-2012-5924, FEDORA-2012-9135, FEDORA-2014-13764, FEDORA-2014-13777, HPSBUX02730, javacpuoct2011, MDVSA-2012:058, MDVSA-2012:096, MDVSA-2012:096-1, MDVSA-2012:097, MS12-006, MS12-049, openSUSE-SU-2012:0030-1, openSUSE-SU-2012:0063-1, openSUSE-SU-2012:0199-1, openSUSE-SU-2012:0229-1, openSUSE-SU-2012:0667-1, RHSA-2012:0034-01, RHSA-2013:1455-01, RHSA-2013:1456-01, sk74100, sk86440, SOL13400, SSRT100710, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, swg21568229, VIGILANCE-VUL-11014, VU#864643.

Description of the vulnerability

The SSL/TLS protocol supports CBC (Cipher Block Chaining) encryption: a clear block is "XORed" (operation Exclusive OR) with the last encrypted block, and the result is encrypted. This dependence between a block and its previous block was the subject of several theoretical studies since 2002, and led to the definition of TLS 1.1 in 2006, which uses a different algorithm.

The HTTPS "protocol", used by web browsers, encapsulates an HTTP session in a SSL/TLS session. An HTTP query is like:
  GET /abcdefg HTTP/1.0
  Headers (cookies)
  ...
This query is fragmented in blocks of 8 bytes, which are encrypted by CBC. The first block is thus "GET /abc".

An attacker can setup a malicious web site, and invite the victim to connect. This web site can request the victim's web browser to load the page "/abcdefg" of a site secured by SSL/TLS.

The attacker controls the size of the requested url (via "/abcdefg"), so he can place the first byte of headers at the end of a block (the 7 other bytes are known: "P/1.1\r\n"). This blocks follows a block which is fully known ("defg HTT"). The attacker can then capture the encrypted SSL/TLS session, and memorize the last encrypted block. This block is used as an initialization vector to compute an XOR between "defg HTT" (block 2) encrypted, and a guessed character located at the end of "P/1.1\r\n" (block 3). The result is reinjected by the attacker at the end of the HTTP query in clear text. He captures the resulting encrypted block, and if it is the same as the third encrypted block, then the guessed character was correct. The attacker repeats these queries as many times as necessary.

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can therefore use several SSL sessions in order to compute HTTP headers, such as cookies.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2011-0807

Sun GlassFish, Application Server: code execution via Web Administration

Synthesis of the vulnerability

A remote attacker can execute code in Sun GlassFish Enterprise Server and Sun Java System Application Server.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 20/04/2011.
Identifiers: BID-47438, CERTA-2011-AVI-239, cpuapr2011, CVE-2011-0807, VIGILANCE-VUL-10580, ZDI-11-137.

Description of the vulnerability

The Web Administration component of Sun GlassFish Enterprise Server and Sun Java System Application Server listens on port 4848/tcp.

However, this service does not correctly validate HTTP GET queries. An exception thus occurs, and the query is processed with no authentication.

A remote attacker can therefore execute code in Sun GlassFish Enterprise Server and Sun Java System Application Server.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2010-2397

Sun AS, GlassFish: vulnerability of July 2010

Synthesis of the vulnerability

An attacker can use a vulnerability of Sun Java System Application Server ou Sun GlassFish Enterprise Server, in order to obtain information or to alter information.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/07/2010.
Identifiers: BID-41638, cpujul2010, CVE-2010-2397, VIGILANCE-VUL-9763.

Description of the vulnerability

An attacker can use a vulnerability of Sun Java System Application Server ou Sun GlassFish Enterprise Server, in order to obtain information or to alter information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-2625

Apache Xerces2 Java, Java JRE/JDK, OpenJDK: memory corruption via XML

Synthesis of the vulnerability

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in Apache Xerces2 Java, Java JRE/JDK or OpenJDK.
Impacted products: Xerces Java, Debian, HP-UX, Mandriva Linux, Java OpenJDK, openSUSE, Oracle GlassFish Server, Java Oracle, RHEL, JBoss EAP by Red Hat, Slackware, Sun AS, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/08/2009.
Revision date: 09/12/2009.
Identifiers: 272209, 6870754, BID-35958, CVE-2009-2625, DSA-1984-1, FICORA #245608, HPSBUX02476, MDVSA-2011:108, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1505-01, RHSA-2009:1582-01, RHSA-2009:1615-01, RHSA-2011:0858-01, RHSA-2012:0725-01, RHSA-2012:1232-01, RHSA-2012:1537-01, RHSA-2013:0763-01, SSA:2011-041-02, SSRT090250, SUSE-SR:2009:014, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-8925.

Description of the vulnerability

The Apache Xerces2 Java, Java JRE/JDK and OpenJDK products manage XML data. They share the same vulnerability.

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in these products.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2009-3555

TLS, OpenSSL, GnuTLS: vulnerability of the renegotiation

Synthesis of the vulnerability

A remote attacker can use a vulnerability of TLS in order to insert plain text data during a renegotiation via a man-in-the-middle attack.
Impacted products: Apache httpd, ArubaOS, BES, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco CSS, IOS by Cisco, IOS XR Cisco, IronPort Email, IronPort Management, Cisco Router, Secure ACS, Cisco CallManager, Cisco CUCM, Cisco IP Phone, WebNS, XenApp, XenDesktop, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FortiOS, FreeBSD, HP-UX, AIX, WebSphere AS Traditional, IVE OS, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Juniper SA, Mandriva Linux, Mandriva NF, IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, NSS, NetBSD, NetScreen Firewall, ScreenOS, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Oracle Directory Server, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Trusted Solaris, ProFTPD, SSL protocol, RHEL, Slackware, Sun AS, SUSE Linux Enterprise Desktop, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 10/11/2009.
Identifiers: 1021653, 111046, 273029, 273350, 274990, 6898371, 6898539, 6898546, 6899486, 6899619, 6900117, 977377, AID-020810, BID-36935, c01945686, c01963123, c02079216, CERTA-2011-ALE-005, CERTFR-2017-AVI-392, cisco-sa-20091109-tls, CTX123248, CTX123359, CVE-2009-3555, DSA-1934-1, DSA-2141-1, DSA-2141-2, DSA-2141-4, DSA-2626-1, DSA-3253-1, FEDORA-2009-12229, FEDORA-2009-12305, FEDORA-2009-12606, FEDORA-2009-12750, FEDORA-2009-12775, FEDORA-2009-12782, FEDORA-2009-12968, FEDORA-2009-13236, FEDORA-2009-13250, FEDORA-2010-1127, FEDORA-2010-3905, FEDORA-2010-3929, FEDORA-2010-3956, FEDORA-2010-5357, FEDORA-2010-8742, FEDORA-2010-9487, FEDORA-2010-9518, FG-IR-17-137, FreeBSD-SA-09:15.ssl, HPSBUX02482, HPSBUX02498, HPSBUX02517, KB25966, MDVSA-2009:295, MDVSA-2009:323, MDVSA-2009:337, MDVSA-2010:069, MDVSA-2010:076, MDVSA-2010:076-1, MDVSA-2010:089, MDVSA-2013:019, NetBSD-SA2010-002, openSUSE-SU-2010:1025-1, openSUSE-SU-2010:1025-2, openSUSE-SU-2011:0845-1, PM04482, PM04483, PM04534, PM04544, PM06400, PSN-2011-06-290, PSN-2012-11-767, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0119-01, RHSA-2010:0130-01, RHSA-2010:0155-01, RHSA-2010:0162-01, RHSA-2010:0163-01, RHSA-2010:0164-01, RHSA-2010:0165-01, RHSA-2010:0166-01, RHSA-2010:0167-01, SOL10737, SSA:2009-320-01, SSA:2010-067-01, SSRT090249, SSRT090264, SSRT100058, SUSE-SA:2009:057, SUSE-SA:2010:020, SUSE-SR:2010:008, SUSE-SR:2010:012, SUSE-SR:2011:008, SUSE-SU-2011:0847-1, TLSA-2009-30, TLSA-2009-32, VIGILANCE-VUL-9181, VMSA-2010-0015, VMSA-2010-0015.1, VMSA-2010-0019, VMSA-2010-0019.1, VMSA-2010-0019.2, VMSA-2010-0019.3, VU#120541.

Description of the vulnerability

Transport Layer Security (TLS) is a cryptographic protocol for network transport.

When opening a connection using TLS, a negotiation mechanism allows the client and server to agree on the encryption algorithm to use.

The protocol allows for renegotiation at any time during the connection. However, the handling of those renegotiations has a vulnerability.

A remote attacker can therefore exploit this vulnerability in order to insert plain text data via a man-in-the-middle attack.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 8763

Sun AS, GlassFish: denial of service

Synthesis of the vulnerability

A local attacker can generate a denial of service on Sun GlassFish Enterprise Server or Sun Java System Application Server.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 04/06/2009.
Identifiers: 258528, 6806221, BID-35217, VIGILANCE-VUL-8763.

Description of the vulnerability

Sun announced that a local attacker can force Sun GlassFish Enterprise Server or Sun Java System Application Server to consume excessive system resources.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 8708

Sun AS, GlassFish: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate two Cross Site Scripting in Sun GlassFish Enterprise Server and Sun Java System Application Server.
Impacted products: Oracle GlassFish Server, Sun AS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/05/2009.
Identifiers: 258528, 6717148, 6820994, BID-34914, VIGILANCE-VUL-8708.

Description of the vulnerability

An attacker can generate two Cross Site Scripting in Sun GlassFish Enterprise Server and Sun Java System Application Server.

The SailFin project uses the SIP protocol and the implementation of javax.servlet.sip (glassfish/comms/admin/gui/extensions/docroot/sip/...). However, the getRequestValue() method is not used to obtain GET parameters in several files under extensions/docroot/sip. [severity:2/4; 6820994]

A Cross Site Scripting with an unknown origin was also announced. [severity:2/4; 6717148]

An attacker can therefore execute JavaScript code in the context of the website.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.