Weekly Vulnerabilities Reports > May 27 to June 2, 2013

Overview

38 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 52 products from 21 vendors including IBM, Cisco, Lockon, Redhat, and Apache. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Authentication", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 35 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 31 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 11 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-06-01 CVE-2013-0136 Mutiny Path Traversal vulnerability in Mutiny Mutiny, Mutiny Appliance and Mutiny Virtual Appliance

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.

8.5
2013-05-31 CVE-2013-3721 Psychostats SQL Injection vulnerability in Psychostats 3.2.2B

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.

7.5
2013-05-27 CVE-2013-2956 IBM SQL Injection vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite

SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-05-29 CVE-2013-3666 Google
LG
Permissions, Privileges, and Access Controls vulnerability in multiple products

The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button.

7.2
2013-05-29 CVE-2013-2069 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Livecd-Tools

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.

7.2

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-06-01 CVE-2013-2067 Apache Improper Authentication vulnerability in Apache Tomcat

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

6.8
2013-05-31 CVE-2013-1246 Cisco Resource Management Errors vulnerability in Cisco Telepresence System Software

Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610.

6.8
2013-05-28 CVE-2013-2989 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Connect 3.8.00/4.0.00/4.1.0.0

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.

6.8
2013-05-31 CVE-2013-3315 Tibco Permissions, Privileges, and Access Controls vulnerability in Tibco Silver Mobile 1.1.0

The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.

6.5
2013-05-29 CVE-2013-1212 Cisco Cryptographic Issues vulnerability in Cisco Nexus 1000V and Nx-Os

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.

5.8
2013-05-29 CVE-2013-1208 Cisco Cryptographic Issues vulnerability in Cisco Nx-Os

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.

5.8
2013-05-27 CVE-2012-6399 Cisco Improper Input Validation vulnerability in Cisco Webex 4.1

Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.

5.8
2013-05-29 CVE-2013-1210 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Nx-Os

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.

5.4
2013-06-01 CVE-2012-3544 Apache Improper Input Validation vulnerability in Apache Tomcat

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

5.0
2013-05-31 CVE-2013-3735 PHP Improper Input Validation vulnerability in PHP

** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment.

5.0
2013-05-29 CVE-2013-2315 Lockon Improper Input Validation vulnerability in Lockon Ec-Cube

data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.

5.0
2013-05-29 CVE-2013-1213 Cisco Resource Management Errors vulnerability in Cisco Nexus 1000V and Nx-Os

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.

5.0
2013-05-29 CVE-2013-1211 Cisco Improper Authentication vulnerability in Cisco Nx-Os

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.

5.0
2013-05-29 CVE-2013-1209 Cisco Improper Authentication vulnerability in Cisco Nx-Os

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.

5.0
2013-05-29 CVE-2002-2443 MIT
Opensuse
Fedoraproject
Redhat
Debian
Canonical
Improper Input Validation vulnerability in multiple products

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

5.0
2013-05-29 CVE-2013-1962 Redhat Resource Management Errors vulnerability in Redhat Libvirt 1.0.5

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

5.0
2013-05-28 CVE-2013-0599 IBM Information Exposure vulnerability in IBM Rational Directory Server

IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code.

5.0
2013-05-27 CVE-2013-2959 IBM Credentials Management vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2013-05-27 CVE-2013-2954 IBM Improper Authentication vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite

The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2013-06-01 CVE-2013-3261 Photogallerycreator
Wordpress
Cross-Site Scripting vulnerability in Photogallerycreator Flash-Album-Gallery

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.

4.3
2013-05-31 CVE-2013-1247 Cisco Cross-Site Scripting vulnerability in Cisco Prime Infrastructure

Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356.

4.3
2013-05-31 CVE-2013-3719 Algisinfo
Joomla
Cross-Site Scripting vulnerability in Algisinfo Aicontactsafe

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-29 CVE-2013-2314 Lockon Cross-Site Scripting vulnerability in Lockon Ec-Cube

Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.

4.3
2013-05-29 CVE-2013-2312 Lockon Cross-Site Scripting vulnerability in Lockon Ec-Cube

Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-05-29 CVE-2013-0482 IBM Security vulnerability in IBM products

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.

4.3
2013-05-28 CVE-2013-0499 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services.

4.3
2013-05-28 CVE-2013-0576 IBM Cross-Site Scripting vulnerability in IBM Tivoli Monitoring

Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-27 CVE-2013-2953 IBM Cryptographic Issues vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

4.3
2013-05-29 CVE-2013-2313 Lockon Improper Authentication vulnerability in Lockon Ec-Cube

Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-31 CVE-2013-3720 Feedweb
Wordpress
Cross-Site Scripting vulnerability in Feedweb

Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.

3.5
2013-05-27 CVE-2013-2957 IBM Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2013-05-27 CVE-2013-2955 IBM Cross-Site Scripting vulnerability in IBM Infosphere Optim Data Growth FOR Oracle E-Business Suite

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue.

3.5
2013-06-01 CVE-2013-2071 Apache Information Exposure vulnerability in Apache Tomcat

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

2.6