Weekly Vulnerabilities Reports > July 4 to 10, 2016

Overview

45 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 50 products from 20 vendors including IBM, Apache, Opensuse, Siemens, and Oracle. Vulnerabilities are notably categorized as "Improper Input Validation", "Information Exposure", "Cross-site Scripting", "Improper Access Control", and "Permissions, Privileges, and Access Controls".

  • 39 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 34 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-07 CVE-2016-1442 Cisco Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0/3.1

The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.

9.0

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-04 CVE-2016-3092 HP
Apache
Debian
Canonical
Improper Input Validation vulnerability in multiple products

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

7.8
2016-07-04 CVE-2016-4438 Apache Improper Input Validation vulnerability in Apache Struts

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

7.5
2016-07-08 CVE-2016-0271 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Urbancode Deploy

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.

7.2
2016-07-07 CVE-2016-0230 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console

IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.

7.2

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-08 CVE-2016-4324 Debian
Libreoffice
Canonical
Improper Input Validation vulnerability in multiple products

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

6.8
2016-07-08 CVE-2016-2889 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.

6.8
2016-07-07 CVE-2016-2119 Samba Improper Access Control vulnerability in Samba

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.

6.8
2016-07-07 CVE-2016-1443 Cisco 7PK - Security Features vulnerability in Cisco AMP Threat Grid Appliance

The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.

6.8
2016-07-04 CVE-2016-4430 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

6.8
2016-07-04 CVE-2016-1181 Oracle
Apache
Remote Code Execution vulnerability in Apache Struts

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

6.8
2016-07-08 CVE-2016-0315 IBM Improper Access Control vulnerability in IBM Jazz Reporting Service

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

6.5
2016-07-06 CVE-2016-0906 EMC Improper Access Control vulnerability in EMC Avamar

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

6.5
2016-07-04 CVE-2016-1182 Apache Improper Input Validation vulnerability in Apache Struts

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

6.4
2016-07-08 CVE-2016-2945 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 8.5.5.8/8.5.5.9

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

6.0
2016-07-07 CVE-2016-1444 Cisco Improper Input Validation vulnerability in Cisco products

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

5.8
2016-07-06 CVE-2016-4507 Rexroth SQL Injection vulnerability in Rexroth Bladecontrol-Webvis

SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

5.5
2016-07-08 CVE-2016-4463 Apache
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.

5.0
2016-07-07 CVE-2016-2923 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.0
2016-07-07 CVE-2016-0389 IBM Information Exposure vulnerability in IBM Websphere Application Server

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-07-06 CVE-2016-4979 Apache Improper Access Control vulnerability in Apache Http Server 2.4.18/2.4.19/2.4.20

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

5.0
2016-07-05 CVE-2016-5098 Phpmyadmin
Opensuse
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

5.0
2016-07-05 CVE-2016-5097 Opensuse
Phpmyadmin
Information Exposure vulnerability in multiple products

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

5.0
2016-07-05 CVE-2016-4957 Oracle
Novell
Opensuse
NTP
Suse
NULL Pointer Dereference vulnerability in multiple products

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.

5.0
2016-07-05 CVE-2016-4956 NTP
Oracle
Suse
Novell
Opensuse
Siemens
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.
5.0
2016-07-05 CVE-2016-4954 NTP
Oracle
Suse
Opensuse
Siemens
Race Condition vulnerability in multiple products

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

5.0
2016-07-05 CVE-2016-4953 NTP
Oracle
Suse
Opensuse
Siemens
Improper Authentication vulnerability in multiple products

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

5.0
2016-07-04 CVE-2016-4465 Apache Improper Input Validation vulnerability in Apache Struts

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

5.0
2016-07-04 CVE-2016-4433 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

5.0
2016-07-04 CVE-2016-4431 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

5.0
2016-07-04 CVE-2015-0899 Apache Improper Input Validation vulnerability in Apache Struts

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

5.0
2016-07-08 CVE-2016-2888 IBM Cross-site Scripting vulnerability in IBM Jazz Reporting Service

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.

4.3
2016-07-06 CVE-2016-4508 Rexroth Cross-site Scripting vulnerability in Rexroth Bladecontrol-Webvis

Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-07-06 CVE-2016-1546 Apache Resource Management Errors vulnerability in Apache Http Server 2.4.17/2.4.18

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

4.3
2016-07-05 CVE-2016-5099 Phpmyadmin
Opensuse
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

4.3
2016-07-05 CVE-2016-4955 NTP
Oracle
Suse
Novell
Opensuse
Siemens
Race Condition vulnerability in multiple products

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

4.3
2016-07-08 CVE-2016-0314 IBM Clickjacking vulnerability in IBM Jazz Reporting Service

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.

4.0
2016-07-06 CVE-2016-6170 ISC
Redhat
Improper Input Validation vulnerability in multiple products

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-08 CVE-2016-0350 IBM Cross-site Scripting vulnerability in IBM Jazz Reporting Service

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.

3.5
2016-07-08 CVE-2016-0313 IBM Cross-site Scripting vulnerability in IBM Jazz Reporting Service

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.

3.5
2016-07-04 CVE-2016-0899 EMC Information Exposure vulnerability in EMC RSA Archer Egrc

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

3.5
2016-07-08 CVE-2016-0287 IBM
Microsoft
Information Exposure vulnerability in IBM I Access 7.1

IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.

2.1
2016-07-08 CVE-2016-0252 IBM Information Exposure vulnerability in IBM Control Center and Sterling Control Center

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

1.9
2016-07-04 CVE-2016-5849 Siemens Information Exposure vulnerability in Siemens Sicam PAS 8.06

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.

1.9
2016-07-04 CVE-2016-5848 Siemens Information Exposure vulnerability in Siemens Sicam PAS 8.06

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

1.7