Weekly Vulnerabilities Reports > February 27 to March 4, 2012

Overview

28 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 47 products from 14 vendors including Cisco, Movabletype, IBM, Sixapart, and Apple. Vulnerabilities are notably categorized as "Resource Management Errors", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Code Injection", and "Information Exposure".

  • 27 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 25 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-02 CVE-2012-0838 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

10.0
2012-02-29 CVE-2012-1418 Google
Acer
Samsung
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
10.0
2012-03-02 CVE-2012-0201 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Personal Communications 5.9.7.0/5.9.7.1/6.0.3.0

Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.

9.3
2012-03-01 CVE-2012-0371 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709.

9.3
2012-03-01 CVE-2012-0366 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unity Connection

Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.

9.0

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-02 CVE-2011-1385 IBM Resource Management Errors vulnerability in IBM AIX and Vios

IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.

7.8
2012-03-01 CVE-2012-0370 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435.

7.8
2012-03-01 CVE-2012-0369 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949.

7.8
2012-03-01 CVE-2012-0368 Cisco Resource Management Errors vulnerability in Cisco products

The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997.

7.8
2012-03-01 CVE-2012-0367 Cisco Resource Management Errors vulnerability in Cisco Unity Connection

Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899.

7.8
2012-03-01 CVE-2012-0359 Cisco Resource Management Errors vulnerability in Cisco Cius and Cius Software

The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445.

7.8
2012-03-01 CVE-2012-0330 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426.

7.8
2012-03-01 CVE-2011-4486 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.

7.8
2012-03-03 CVE-2012-0320 Sixapart Remote vulnerability in Movable Type

Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.

7.5
2012-03-02 CVE-2011-4189 Novell Code Injection vulnerability in Novell Groupwise 8.0/8.0.1/8.0.2

The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.

7.5
2012-03-02 CVE-2011-3443 Apple Resource Management Errors vulnerability in Apple Safari

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.

7.5
2012-03-01 CVE-2012-0331 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319.

7.5

10 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-03 CVE-2012-0317 Sixapart Cross-Site Request Forgery (CSRF) vulnerability in Sixapart Movable Type

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

6.8
2012-03-01 CVE-2011-4487 Cisco SQL Injection vulnerability in Cisco products

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

6.8
2012-03-03 CVE-2012-0319 Movabletype Code Injection vulnerability in Movabletype products

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

6.5
2012-03-02 CVE-2012-0316 Cookpad Information Exposure vulnerability in Cookpad Android Activities and Android Mykitchen

The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

5.0
2012-02-29 CVE-2006-7250 Openssl Denial Of Service vulnerability in OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

5.0
2012-03-03 CVE-2012-1262 Movabletype Cross-Site Scripting vulnerability in Movabletype products

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.

4.3
2012-03-03 CVE-2012-0318 Movabletype Cross-Site Scripting vulnerability in Movabletype products

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.

4.3
2012-03-02 CVE-2012-0715 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-02-29 CVE-2012-1410 Kadu Cross-Site Scripting vulnerability in Kadu 0.10.0/0.11.0/0.9.0

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.

4.3
2012-03-03 CVE-2012-1497 Movabletype Path Traversal vulnerability in Movabletype products

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-03-02 CVE-2012-0321 Kingsoft Local Denial Of Service vulnerability in Kingsoft Internet Security 2011

Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.

2.1