Weekly Vulnerabilities Reports > October 24 to 30, 2011
Overview
37 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 29 products from 9 vendors including IBM, Apple, Cisco, Microsoft, and Puppet. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", and "Resource Management Errors".
- 28 reported vulnerabilities are remotely exploitable.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-30 | CVE-2011-1367 | IBM | Remote Command Execution vulnerability in IBM Rational AppScan '.scan' file: Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file. | 9.3 |
2011-10-28 | CVE-2011-3251 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. | 9.3 |
2011-10-28 | CVE-2011-3250 | Apple Microsoft | Numeric Errors vulnerability in Apple QuickTime: Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | 9.3 |
2011-10-28 | CVE-2011-3249 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. | 9.3 |
2011-10-28 | CVE-2011-3248 | Apple Microsoft | Numeric Errors vulnerability in Apple QuickTime: Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. | 9.3 |
2011-10-28 | CVE-2011-3247 | Apple Microsoft | Numeric Errors vulnerability in Apple QuickTime: Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. | 9.3 |
2011-10-27 | CVE-2011-4004 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco WebEx Recording Format Player: Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. | 9.3 |
2011-10-27 | CVE-2011-3319 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco WebEx Recording Format Player: Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. | 9.3 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-30 | CVE-2011-1366 | IBM | Remote Security vulnerability in Rational AppScan: Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive. | 8.8 |
2011-10-27 | CVE-2011-3318 | Cisco | Resource Management Errors vulnerability in Cisco products: Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause a denial of service (device reload) by sending crafted RTSP packets over TCP, aka Bug IDs CSCtj96312, CSCtj39462, and CSCtl80175. | 7.8 |
2011-10-27 | CVE-2011-3315 | Cisco | Path Traversal vulnerability in Cisco products: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. | 7.8 |
2011-10-24 | CVE-2011-3615 | Simplemachines | SQL Injection vulnerability in Simplemachines SMF: Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. | 7.5 |
2011-10-30 | CVE-2011-4213 | Google | Permissions, Privileges, and Access Controls vulnerability in Google App Engine Python SDK: The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | 7.2 |
2011-10-30 | CVE-2011-4212 | Google | Permissions, Privileges, and Access Controls vulnerability in Google App Engine Python SDK: The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | 7.2 |
2011-10-30 | CVE-2011-4211 | Google | Permissions, Privileges, and Access Controls vulnerability in Google App Engine Python SDK: The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | 7.2 |
20 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-30 | CVE-2011-1364 | Google | Cross-Site Request Forgery (CSRF) vulnerability in Google App Engine Python SDK: Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter. | 6.8 |
2011-10-27 | CVE-2011-2569 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products: Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | 6.8 |
2011-10-24 | CVE-2011-4173 | Simplemachines | Cross-Site Request Forgery (CSRF) vulnerability in Simplemachines SMF 2.0: Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. | 6.8 |
2011-10-27 | CVE-2011-3870 | Puppet Puppetlabs | Link Following vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | 6.3 |
2011-10-27 | CVE-2011-3869 | Puppet Puppetlabs | Link Following vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | 6.3 |
2011-10-27 | CVE-2011-3871 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. | 6.2 |
2011-10-30 | CVE-2009-2747 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server: The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. | 5.0 |
2011-10-29 | CVE-2011-1370 | IBM | Configuration vulnerability in IBM Lotus Sametime: The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. | 5.0 |
2011-10-29 | CVE-2011-1368 | IBM | Information Exposure vulnerability in IBM WebSphere Application Server 8.0.0.0: The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors. | 5.0 |
2011-10-27 | CVE-2011-3848 | Puppet Puppetlabs | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. | 5.0 |
2011-10-30 | CVE-2009-2748 | IBM | Cross-Site Scripting vulnerability in IBM WebSphere Application Server: Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-29 | CVE-2010-0780 | IBM | Resource Management Errors vulnerability in IBM WebSphere MQ: IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. | 4.3 |
2011-10-28 | CVE-2011-1371 | IBM | Cross-Site Scripting vulnerability in IBM WebSphere ILOG Rule Team Server 7.1.1: Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171. | 4.3 |
2011-10-28 | CVE-2011-1360 | IBM | Cross-Site Scripting vulnerability in IBM HTTP Server: Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. | 4.3 |
2011-10-24 | CVE-2011-4172 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Web Forum: Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984. | 4.3 |
2011-10-24 | CVE-2011-4171 | IBM | Cross-Site Scripting vulnerability in IBM WebSphere ILOG Rule Team Server 7.1.1: Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp. | 4.3 |
2011-10-24 | CVE-2011-3984 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Web Forum: Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "web form entries." | 4.3 |
2011-10-24 | CVE-2011-3983 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Web Forum 5.1: Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies. | 4.3 |
2011-10-24 | CVE-2011-3383 | Kent WEB | Cross-Site Scripting vulnerability in Kent-Web Web Forum: Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output." | 4.3 |
2011-10-30 | CVE-2009-0900 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM WebSphere MQ: Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file. | 4.1 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-27 | CVE-2011-3872 | Puppet Puppetlabs | Improper Input Validation vulnerability in multiple products: Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability." | 2.6 |
2011-10-30 | CVE-2009-0905 | IBM | Improper Input Validation vulnerability in IBM WebSphere MQ: IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. | 1.7 |