Weekly Vulnerabilities Reports > January 2 to 8, 2012
Overview
51 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 37 products from 29 vendors including Siemens, Openssl, Apache, Mozilla, and Splunk. The vulnerabilities are most notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".
- 47 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 48 reported vulnerabilities are exploitable by an anonymous user.
- Siemens has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-08 | CVE-2012-0391 | Apache | Improper Input Validation vulnerability in Apache Struts: The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. | 9.3 |
2012-01-08 | CVE-2011-4055 | Siemens | Buffer Errors vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54: Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL. | 9.3 |
2012-01-06 | CVE-2011-4109 | Openssl | Resource Management Errors vulnerability in Openssl: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. | 9.3 |
2012-01-03 | CVE-2011-4644 | Splunk | Improper Authentication vulnerability in Splunk: Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | 9.3 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-08 | CVE-2012-0024 | Maradns | Resource Exhaustion vulnerability in Maradns: MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. | 7.8 |
2012-01-08 | CVE-2011-4529 | Siemens | Buffer Errors vulnerability in Siemens Automation License Manager 5.1: Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. | 7.5 |
2012-01-04 | CVE-2011-5051 | Wpsymposium Wordpress | Unspecified vulnerability in Wpsymposium WP Symposium: Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. | 7.5 |
2012-01-03 | CVE-2011-4197 | Pfsense | Permissions, Privileges, and Access Controls vulnerability in Pfsense: etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. | 7.5 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-06 | CVE-2011-5054 | KDE | Improper Authentication vulnerability in KDE Kcheckpass: kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. | 6.9 |
2012-01-04 | CVE-2011-3337 | Eeye HP SGI SUN | Permissions, Privileges, and Access Controls vulnerability in Eeye products: eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. | 6.9 |
2012-01-08 | CVE-2012-0392 | Apache | Unspecified vulnerability in Apache Struts: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. | 6.8 |
2012-01-08 | CVE-2011-4870 | Invensys | Buffer Errors vulnerability in Invensys Wonderware Inbatch 8.1/9.0/9.5: Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. | 6.8 |
2012-01-04 | CVE-2011-5052 | Cocsoft | Buffer Errors vulnerability in Cocsoft Stream Down 6.8: Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request. | 6.8 |
2012-01-02 | CVE-2011-3669 | Mozilla | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla: Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments. | 6.8 |
2012-01-02 | CVE-2011-3668 | Mozilla | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla: Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports. | 6.8 |
2012-01-02 | CVE-2011-3667 | Mozilla | Improper Authentication vulnerability in Mozilla Bugzilla: The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message. | 6.8 |
2012-01-08 | CVE-2012-0393 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Struts: The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. | 6.4 |
2012-01-04 | CVE-2011-5050 | Elitecore | SQL Injection vulnerability in Elitecore Cyberoam Unified Threat Management: SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. | 6.0 |
2012-01-08 | CVE-2011-4056 | Siemens | Unspecified vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54: An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. | 5.8 |
2012-01-06 | CVE-2011-5053 | WI FI | Improper Authentication vulnerability in Wi-Fi Wifi Protected Setup Protocol: The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | 5.8 |
2012-01-04 | CVE-2011-4921 | E107 | SQL Injection vulnerability in E107 0.7.26: SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 5.1 |
2012-01-08 | CVE-2011-4532 | Siemens | Path Traversal vulnerability in Siemens Automation License Manager 5.1: Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. | 5.0 |
2012-01-08 | CVE-2011-4531 | Siemens | Improper Input Validation vulnerability in Siemens Automation License Manager 5.1: Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. | 5.0 |
2012-01-08 | CVE-2011-4530 | Siemens | Improper Input Validation vulnerability in Siemens Automation License Manager 5.1: Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. | 5.0 |
2012-01-08 | CVE-2011-5057 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Struts: Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. | 5.0 |
2012-01-08 | CVE-2011-4361 | Mediawiki | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT: MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | 5.0 |
2012-01-08 | CVE-2011-4360 | Mediawiki | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT: MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. | 5.0 |
2012-01-08 | CVE-2011-5055 | Maradns | Improper Input Validation vulnerability in Maradns 1.3.07.012/1.4.08: MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. | 5.0 |
2012-01-06 | CVE-2012-0027 | Openssl | Resource Management Errors vulnerability in Openssl: The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. | 5.0 |
2012-01-06 | CVE-2011-4619 | Openssl | Resource Management Errors vulnerability in Openssl: The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | 5.0 |
2012-01-06 | CVE-2011-4576 | Openssl | Cryptographic Issues vulnerability in Openssl: The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | 5.0 |
2012-01-05 | CVE-2011-4905 | Apache | Resource Management Errors vulnerability in Apache Activemq: Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests. | 5.0 |
2012-01-03 | CVE-2011-4642 | Splunk | Cross-Site Request Forgery (CSRF) vulnerability in Splunk: mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172. | 4.6 |
2012-01-08 | CVE-2011-3206 | Redhat RHQ Project | Cross-Site Scripting vulnerability in multiple products: Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-06 | CVE-2011-4616 | Igor Vlasenko | Cross-Site Scripting vulnerability in Igor Vlasenko Html-Template-Pro: Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters. | 4.3 |
2012-01-06 | CVE-2012-0390 | GNU | Cryptographic Issues vulnerability in GNU Gnutls: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. | 4.3 |
2012-01-06 | CVE-2011-4577 | Openssl | Resource Management Errors vulnerability in Openssl: OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. | 4.3 |
2012-01-06 | CVE-2011-4108 | Openssl | Cryptographic Issues vulnerability in Openssl: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | 4.3 |
2012-01-05 | CVE-2011-5019 | Textpattern | Cross-Site Scripting vulnerability in Textpattern 4.4.1: Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. | 4.3 |
2012-01-04 | CVE-2011-5049 | Microsoft | Denial-Of-Service vulnerability in MySQL: MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. | 4.3 |
2012-01-04 | CVE-2011-4920 | E107 | Cross-Site Scripting vulnerability in E107 0.7.26: Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. | 4.3 |
2012-01-04 | CVE-2007-6751 | H FJ Sixapart | Cross-Site Scripting vulnerability in H-Fj Mailform Plugin 1.00/1.10: Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-01-04 | CVE-2011-1386 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM products: IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. | 4.3 |
2012-01-03 | CVE-2011-5048 | IBM | Cross-Site Scripting vulnerability in IBM web Experience Factory 7.0/7.0.1: Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo. | 4.3 |
2012-01-03 | CVE-2011-5047 | Pfsense | Cross-Site Scripting vulnerability in Pfsense: Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter. | 4.3 |
2012-01-03 | CVE-2011-4778 | Splunk | Cross-Site Scripting vulnerability in Splunk: Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614. | 4.3 |
2012-01-02 | CVE-2011-3657 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Bugzilla: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart. | 4.3 |
2012-01-04 | CVE-2011-1384 | IBM | Link Following vulnerability in IBM Invscout.Rte: The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | 4.0 |
2012-01-03 | CVE-2011-4643 | Splunk | Path Traversal vulnerability in Splunk: Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-01-06 | CVE-2012-0287 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 3.3: Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. | 2.6 |
2012-01-08 | CVE-2011-5056 | Maradns | Resource Exhaustion vulnerability in Maradns: The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024. | 2.1 |