Vulnerabilities > Configuration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-22 | CVE-2010-4586 | Configuration vulnerability in Opera Browser: The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508. | 10.0 |
2010-11-26 | CVE-2010-4312 | Configuration vulnerability in Apache Tomcat: The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. | 6.4 |
2010-10-04 | CVE-2010-3315 | Configuration vulnerability in Apache Subversion: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | 6.0 |
2010-09-23 | CVE-2010-3279 | Configuration vulnerability in Alcatel-Lucent CCAgent and OmniTouch Contact Center: The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | 7.6 |
2010-08-30 | CVE-2010-2945 | Configuration vulnerability in Simone Rota Slim Simple Login Manager: The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp. | 6.9 |
2010-08-10 | CVE-2010-2493 | Configuration vulnerability in Red Hat JBoss Enterprise SOA Platform: The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request. | 5.0 |
2010-08-10 | CVE-2010-2977 | Configuration vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0: Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. | 10.0 |
2010-07-22 | CVE-2010-1972 | Configuration vulnerability in HP Client Automation Enterprise Infrastructure: The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests. | 9.0 |
2010-06-17 | CVE-2010-1381 | Configuration vulnerability in Apple Mac OS X and Mac OS X Server: The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. | 3.5 |
2010-06-16 | CVE-2010-2306 | Configuration vulnerability in Sourcefire products: The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack. | 4.3 |