32 vulnerabilities by Apple Inc.
JVNDB-2018-000116
Vulnerability from jvndb - Published: 2018-11-02 14:42 - Updated: 2018-11-02 14:42
Summary
Mail app for iOS vulnerable to denial-of-service (DoS)
Details
Mail app for iOS provided by Apple contains a denial-of-service (DoS) vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message.
Yukinobu Nagayasu of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000116.html",
"dc:date": "2018-11-02T14:42+09:00",
"dcterms:issued": "2018-11-02T14:42+09:00",
"dcterms:modified": "2018-11-02T14:42+09:00",
"description": "Mail app for iOS provided by Apple contains a denial-of-service (DoS) vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message.\r\n\r\nYukinobu Nagayasu of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000116.html",
"sec:cpe": {
"#text": "cpe:/o:apple:iphone_os",
"@product": "iOS",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000116",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN96551318/index.html",
"@id": "JVN#96551318",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4400",
"@id": "CVE-2018-4400",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-4400",
"@id": "CVE-2018-4400",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Mail app for iOS vulnerable to denial-of-service (DoS)"
}
JVNDB-2018-000029
Vulnerability from jvndb - Published: 2018-03-30 13:39 - Updated: 2018-06-14 14:02
Summary
Safari vulnerable to script injection
Details
Safari provided by Apple Inc. contains a script injection vulnerability (CWE-81) in the error page it displays when it fails to verify server certificates.
In the error page Safari displays when it fails to verify server certificates, the domain name of the accessed website is output as is. By exploiting this vulnerability, an arbitrary script may therefore be executed on the user's web browser via the error page that is displayed when a user is led to visit a website with a specially crafted domain name.
Yuji Tonai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000029.html",
"dc:date": "2018-06-14T14:02+09:00",
"dcterms:issued": "2018-03-30T13:39+09:00",
"dcterms:modified": "2018-06-14T14:02+09:00",
"description": "Safari provided by Apple Inc. contains a script injection vulnerability (CWE-81) in the processing of displaying an error page when it fails to verify server certificates.\r\nIn an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output straightly. Therefore by exploiting this vulnerability, an arbitrary script may be executed on the user\u0027s web browser via an error page that is displayed when a user is led to visit a website with a specially crafted domain name.\r\n\r\nYuji Tonai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000029.html",
"sec:cpe": {
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000029",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN01161596/index.html",
"@id": "JVN#01161596",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4133",
"@id": "CVE-2018-4133",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-4133",
"@id": "CVE-2018-4133",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Safari vulnerable to script injection"
}
JVNDB-2017-000116
Vulnerability from jvndb - Published: 2017-06-13 13:51 - Updated: 2018-02-14 11:58
Summary
Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
Details
Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000116.html",
"dc:date": "2018-02-14T11:58+09:00",
"dcterms:issued": "2017-06-13T13:51+09:00",
"dcterms:modified": "2018-02-14T11:58+09:00",
"description": "Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000116.html",
"sec:cpe": {
"#text": "cpe:/a:apple:quicktime",
"@product": "QuickTime",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000116",
"sec:references": [
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN94771799/index.html",
"@id": "JVN#94771799",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2218",
"@id": "CVE-2017-2218",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2218",
"@id": "CVE-2017-2218",
"@source": "NVD"
},
{
"#text": "https://www.us-cert.gov/ncas/alerts/TA16-105A",
"@id": "TA16-105A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries"
}
JVNDB-2015-000177
Vulnerability from jvndb - Published: 2015-11-13 14:25 - Updated: 2015-11-17 16:15
Summary
Apple OS X authentication issue when recovering from sleep mode
Details
Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the processing of the text entered in the dialog box upon recovering from sleep mode.
Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000177.html",
"dc:date": "2015-11-17T16:15+09:00",
"dcterms:issued": "2015-11-13T14:25+09:00",
"dcterms:modified": "2015-11-17T16:15+09:00",
"description": "Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode.\r\n\r\nMasaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000177.html",
"sec:cpe": [
{
"#text": "cpe:/a:apple:apple_remote_desktop",
"@product": "Apple Remote Desktop",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "3.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000177",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN56210048/index.html",
"@id": "JVN#56210048",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5229",
"@id": "CVE-2013-5229",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5229",
"@id": "CVE-2013-5229",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Apple OS X authentication issue when recovering from sleep mode"
}
JVNDB-2014-004316
Vulnerability from jvndb - Published: 2014-09-25 14:54 - Updated: 2014-09-25 14:54
Summary
Safari issue in handling application cache
Details
Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004316.html",
"dc:date": "2014-09-25T14:54+09:00",
"dcterms:issued": "2014-09-25T14:54+09:00",
"dcterms:modified": "2014-09-25T14:54+09:00",
"description": "Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004316.html",
"sec:cpe": [
{
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:iphone_os",
"@product": "iOS",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-004316",
"sec:references": [
{
"#text": "http://jvn.jp/vu/JVNVU93868849/index.html",
"@id": "JVNVU#93868849",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN45442753/index.html",
"@id": "JVN#45442753",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4409",
"@id": "CVE-2014-4409",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4409",
"@id": "CVE-2014-4409",
"@source": "NVD"
},
{
"#text": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html",
"@id": "APPLE-SA-2014-09-17-1 iOS 8",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "Safari issue in handling application cache"
}
JVNDB-2013-000050
Vulnerability from jvndb - Published: 2013-05-31 15:44 - Updated: 2013-05-31 15:44
Summary
Safari information disclosure vulnerability
Details
Safari contains an information disclosure vulnerability caused by the improper handling of XML files.
Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000050.html",
"dc:date": "2013-05-31T15:44+09:00",
"dcterms:issued": "2013-05-31T15:44+09:00",
"dcterms:modified": "2013-05-31T15:44+09:00",
"description": "Safari contains an information disclosure vulnerability caused the by the improper handling of XML files.\r\n\r\nTakayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000050.html",
"sec:cpe": {
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN07354844/index.html",
"@id": "JVN#07354844",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Safari information disclosure vulnerability"
}
JVNDB-2012-000095
Vulnerability from jvndb - Published: 2012-10-31 15:01 - Updated: 2012-10-31 15:01
Summary
Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
Details
The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service.
MASAKI KATAYAMA of Appirits inc Cyber Security Laboratory reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
[JPCERT/CC Addendum]
This JVN publication was delayed to 2012/10/31 after the developer fix was developed. From the fiscal year 2011, JPCERT/CC is using a new vendor coordination procedure. This new procedure came from the recommendation of the fiscal year 2010 "Study Group on Information System Vulnerability Handling" aimed at more timely JVN publications.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000095.html",
"dc:date": "2012-10-31T15:01+09:00",
"dcterms:issued": "2012-10-31T15:01+09:00",
"dcterms:modified": "2012-10-31T15:01+09:00",
"description": "The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service.\r\n\r\nThe OpenSSH implementation in Mac OS X is vulnerable to denial-of-service.\r\n\r\nMASAKI KATAYAMA of Appirits inc Cyber Security Laboratory reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\n[JPCERT/CC Addendum]\r\nThis JVN publication was delayed to 2012/10/31 after the developer fix was developed. From the fiscal year 2011, JPCERT/CC is using a new vendor coordination procedure. This new procedure came from the recommendation of the fiscal year 2010 \"Study Group on Information System Vulnerability Handling\" aimed at more timely JVN publications.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000095.html",
"sec:cpe": {
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000095",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75345069/index.html",
"@id": "JVN#75345069",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Mac OS X OpenSSH vulnerable to denial-of-service (DoS)"
}
JVNDB-2012-000088
Vulnerability from jvndb - Published: 2012-10-23 14:57 - Updated: 2012-10-23 14:57
Summary
Safari vulnerable to local file content disclosure
Details
Safari contains a vulnerability where a local file may be accessed remotely, which may result in local file content disclosure.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000088.html",
"dc:date": "2012-10-23T14:57+09:00",
"dcterms:issued": "2012-10-23T14:57+09:00",
"dcterms:modified": "2012-10-23T14:57+09:00",
"description": "Safari contains a vulnerability where a local file may be accessed from remote, which may result in a local file content disclosure.\r\n\r\nMasahiro YAMADA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000088.html",
"sec:cpe": {
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000088",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42676559/index.html",
"@id": "JVN#42676559",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713",
"@id": "CVE-2012-3713",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3713",
"@id": "CVE-2012-3713",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Safari vulnerable to local file content disclosure"
}
JVNDB-2011-000105
Vulnerability from jvndb - Published: 2011-12-15 16:30 - Updated: 2011-12-15 16:30
Summary
Safari for iOS vulnerable to denial-of-service
Details
Safari for iOS contains a denial-of-service (DoS) vulnerability.
Shuichiro Suzuki of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000105.html",
"dc:date": "2011-12-15T16:30+09:00",
"dcterms:issued": "2011-12-15T16:30+09:00",
"dcterms:modified": "2011-12-15T16:30+09:00",
"description": "Safari for iOS contains a denial-of-service (DoS) vulnerability.\r\n\r\nShuichiro Suzuki of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000105.html",
"sec:cpe": {
"#text": "cpe:/o:apple:iphone_os",
"@product": "iOS",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000105",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15549168/index.html",
"@id": "JVN#15549168",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Safari for iOS vulnerable to denial-of-service"
}
JVNDB-2011-000097
Vulnerability from jvndb - Published: 2011-11-04 17:36 - Updated: 2011-11-04 17:36
Summary
WebObjects vulnerable to cross-site scripting
Details
WebObjects provided by Apple contains a cross-site scripting vulnerability.
WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000097.html",
"dc:date": "2011-11-04T17:36+09:00",
"dcterms:issued": "2011-11-04T17:36+09:00",
"dcterms:modified": "2011-11-04T17:36+09:00",
"description": "WebObjects provided by Apple, contains a cross-site scripting vulnerability.\r\n\r\nWebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000097.html",
"sec:cpe": {
"#text": "cpe:/a:apple:webobjects",
"@product": "WebObjects",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000097",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN37223351/index.html",
"@id": "JVN#37223351",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3998",
"@id": "CVE-2011-3998",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3998",
"@id": "CVE-2011-3998",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WebObjects vulnerable to cross-site scripting"
}
JVNDB-2011-000088
Vulnerability from jvndb - Published: 2011-10-17 18:56 - Updated: 2012-08-07 12:11
Summary
Safari for iOS vulnerable to cross-site scripting
Details
Safari for iOS provided by Apple contains a cross-site scripting vulnerability.
Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000088.html",
"dc:date": "2012-08-07T12:11+09:00",
"dcterms:issued": "2011-10-17T18:56+09:00",
"dcterms:modified": "2012-08-07T12:11+09:00",
"description": "Safari for iOS provided by Apple contains a cross-site scripting vulnerability.\r\n\r\nSafari for iOS provided by Apple does not support the \"attachment\" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability.\r\n\r\nYoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000088.html",
"sec:cpe": {
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000088",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN41657660/index.html",
"@id": "JVN#41657660",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3426",
"@id": "CVE-2011-3426",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3426",
"@id": "CVE-2011-3426",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Safari for iOS vulnerable to cross-site scripting"
}
JVNDB-2009-002207
Vulnerability from jvndb - Published: 2011-01-07 14:40 - Updated: 2011-01-07 14:40
Summary
SquirrelMail vulnerable to cross-site request forgery
Details
SquirrelMail contains a cross-site request forgery vulnerability.
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email).
SquirrelMail contains an issue in the processing of sending a message or changing settings, which may result in cross-site request forgery.
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002207.html",
"dc:date": "2011-01-07T14:40+09:00",
"dcterms:issued": "2011-01-07T14:40+09:00",
"dcterms:modified": "2011-01-07T14:40+09:00",
"description": "SquirrelMail contains a cross-site request forgery vulnerability.\r\n\r\nSquirrelMail from SquirrelMail Project is an open source webmail (web-based email).\r\nSquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery.\r\n\r\nDaiki Fukumori reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002207.html",
"sec:cpe": [
{
"#text": "cpe:/a:squirrelmail:squirrelmail",
"@product": "SquirrelMail",
"@vendor": "SquirrelMail Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-002207",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN30881447/index.html",
"@id": "JVN#30881447",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964",
"@id": "CVE-2009-2964",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964",
"@id": "CVE-2009-2964",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/34627",
"@id": "SA34627",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/36196",
"@id": "36196",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/52406",
"@id": "52406",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/2262",
"@id": "VUPEN/ADV-2009-2262",
"@source": "VUPEN"
},
{
"#text": "http://www.osvdb.org/57001",
"@id": "57001",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "SquirrelMail vulnerable to cross-site request forgery"
}
JVNDB-2010-001538
Vulnerability from jvndb - Published: 2010-11-26 17:16 - Updated: 2010-12-10 17:48
Summary
Safari address bar spoofing vulnerability
Details
Safari contains a vulnerability where the URL displayed in the address bar may be spoofed.
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001538.html",
"dc:date": "2010-12-10T17:48+09:00",
"dcterms:issued": "2010-11-26T17:16+09:00",
"dcterms:modified": "2010-12-10T17:48+09:00",
"description": "Safari contains a vulnerability where the URL displayed in the address may be spoofed.\r\n\r\nSafari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001538.html",
"sec:cpe": [
{
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:apple:ipad",
"@product": "iPad",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:apple:iphone",
"@product": "iPhone",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:apple:ipod_touch",
"@product": "iPod touch",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:iphone_os",
"@product": "iOS",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:iphone_os_for_ipod_touch",
"@product": "iOS for iPod touch",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-001538",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN46026251/index.html",
"@id": "JVN#46026251",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384",
"@id": "CVE-2010-1384",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1384",
"@id": "CVE-2010-1384",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/40105",
"@id": "SA40105",
"@source": "SECUNIA"
},
{
"#text": "http://securitytracker.com/id?1024067",
"@id": "1024067",
"@source": "SECTRACK"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/1373",
"@id": "VUPEN/ADV-2010-1373",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Safari address bar spoofing vulnerability"
}
JVNDB-2010-000054
Vulnerability from jvndb - Published: 2010-11-09 19:59 - Updated:2011-02-01 16:22
Summary
Flash Player access restriction bypass vulnerability
Details
Flash Player contains an access restriction bypass vulnerability.
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.
Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
"dc:date": "2011-02-01T16:22+09:00",
"dcterms:issued": "2010-11-09T19:59+09:00",
"dcterms:modified": "2011-02-01T16:22+09:00",
"description": "Flash Player contains an access restriction bypass vulnerability.\r\n\r\nWhen Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.\r\n\r\nFlash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_server_supplementary",
"@product": "Red Hat Enterprise Linux Server Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_workstation_supplementary",
"@product": "Red Hat Enterprise Linux Workstation Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:oracle:solaris",
"@product": "Oracle Solaris",
"@vendor": "Oracle Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000054",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48425028/index.html",
"@id": "JVN#48425028",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/cert/JVNVU331391",
"@id": "JVNVU#331391",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636",
"@id": "CVE-2010-3636",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3636",
"@id": "CVE-2010-3636",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42183",
"@id": "SA42183",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/44691",
"@id": "44691",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2903",
"@id": "VUPEN/ADV-2010-2903",
"@source": "VUPEN"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2906",
"@id": "VUPEN/ADV-2010-2906",
"@source": "VUPEN"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2918",
"@id": "VUPEN/ADV-2010-2918",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Flash Player access restriction bypass vulnerability"
}
JVNDB-2009-000037
Vulnerability from jvndb - Published: 2009-06-18 17:54 - Updated:2012-09-28 13:40
Summary
Apache Tomcat denial of service (DoS) vulnerability
Details
Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
If Tomcat receives a request with an invalid header via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load balancing worker, this member is put into an error state and blocked from use for approximately one minute. This behavior can therefore be used for a denial of service attack using a carefully crafted request.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Yoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
"dc:date": "2012-09-28T13:40+09:00",
"dcterms:issued": "2009-06-18T17:54+09:00",
"dcterms:modified": "2012-09-28T13:40+09:00",
"description": "Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nIf Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connector is member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nYoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:hp:tomcat-based_servlet_engine",
"@product": "HP-UX Tomcat-based Servlet Engine",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:infoframe_documentskipper",
"@product": "InfoFrame DocumentSkipper",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000037",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87272440/index.html",
"@id": "JVN#87272440",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
"@id": "CVE-2009-0033",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033",
"@id": "CVE-2009-0033",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/35326",
"@id": "SA35326",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/35344",
"@id": "SA35344",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/35193",
"@id": "35193",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/50928",
"@id": "50928",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/alerts/2009/Jun/1022331.html",
"@id": "1022331",
"@source": "SECTRACK"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1496",
"@id": "VUPEN/ADV-2009-1496",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Apache Tomcat denial of service (DoS) vulnerability"
}
JVNDB-2009-000040
Vulnerability from jvndb - Published: 2009-06-18 17:54 - Updated:2009-06-18 17:54
Summary
iPhone OS denial of service (DoS) vulnerability
Details
iPhone OS from Apple contains a denial of service (DoS) vulnerability.
Masaki Yoshida reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000040.html",
"dc:date": "2009-06-18T17:54+09:00",
"dcterms:issued": "2009-06-18T17:54+09:00",
"dcterms:modified": "2009-06-18T17:54+09:00",
"description": "iPhone OS from Apple contains a denial of service (DoS) vulnerability.\r\n\r\nMasaki Yoshida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000040.html",
"sec:cpe": [
{
"#text": "cpe:/o:apple:iphone_os",
"@product": "iOS",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:iphone_os_for_ipod_touch",
"@product": "iOS for iPod touch",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000040",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87239696/index.html",
"@id": "JVN#87239696",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1683",
"@id": "CVE-2009-1683",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1683",
"@id": "CVE-2009-1683",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200906_iphone_en.html",
"@id": "Security Alert for Vulnerability in iPhone OS",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "iPhone OS denial of service (DoS) vulnerability"
}
JVNDB-2009-000036
Vulnerability from jvndb - Published: 2009-06-18 17:53 - Updated:2012-09-28 13:35
Summary
Apache Tomcat information disclosure vulnerability
Details
Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
"dc:date": "2012-09-28T13:35+09:00",
"dcterms:issued": "2009-06-18T17:53+09:00",
"dcterms:modified": "2012-09-28T13:35+09:00",
"description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nMinehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_studio",
"@product": "Interstage Studio",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hp:tomcat-based_servlet_engine",
"@product": "HP-UX Tomcat-based Servlet Engine",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:infoframe_documentskipper",
"@product": "InfoFrame DocumentSkipper",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:mcone",
"@product": "MCOne",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_securemaster",
"@product": "WebSAM SECUREMASTER",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000036",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63832775/index.html",
"@id": "JVN#63832775",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
"@id": "CVE-2008-5515",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515",
"@id": "CVE-2008-5515",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/35263",
"@id": "35263",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1520",
"@id": "VUPEN/ADV-2009-1520",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Apache Tomcat information disclosure vulnerability"
}
JVNDB-2008-000039
Vulnerability from jvndb - Published: 2008-07-16 12:27 - Updated:2008-07-16 12:27
Summary
Safari installed in iPod touch and iPhone vulnerable in handling server certificates
Details
The Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit consent.
Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server certificate without the user's explicit consent when connecting via SSL/TLS.
According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt."
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000039.html",
"dc:date": "2008-07-16T12:27+09:00",
"dcterms:issued": "2008-07-16T12:27+09:00",
"dcterms:modified": "2008-07-16T12:27+09:00",
"description": "Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user\u0027s explicit concent.\r\n\r\nSafari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user\u0027s explicit concent when connecting via SSL/TLS.\r\n\r\nAccording to Apple, \"When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt.\"\r\n\r\nHiromitsu Takagi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000039.html",
"sec:cpe": [
{
"#text": "cpe:/h:apple:iphone",
"@product": "iPhone",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:apple:ipod_touch",
"@product": "iPod touch",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000039",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88676089/",
"@id": "JVN#88676089",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1589",
"@id": "CVE-2008-1589",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1589",
"@id": "CVE-2008-1589",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Safari installed in iPod touch and iPhone vulnerable in handling server certificates"
}
JVNDB-2008-001043
Vulnerability from jvndb - Published: 2008-06-13 17:11 - Updated:2008-11-21 12:19
Summary
X.Org Foundation X server buffer overflow vulnerability
Details
X server provided by the X.Org Foundation contains a buffer overflow vulnerability.
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.
X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.
Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
"dc:date": "2008-11-21T12:19+09:00",
"dcterms:issued": "2008-06-13T17:11+09:00",
"dcterms:modified": "2008-11-21T12:19+09:00",
"description": "X server provided by the X.Org Foundation contains a buffer overflow vulnerability. \r\n\r\nThe X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. \r\n\r\nX.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. \r\n\r\nTakuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. \r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
"sec:cpe": [
{
"#text": "cpe:/a:fujitsu:pc-x",
"@product": "FUJITSU PC-X",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:suse:suse_open_enterprise_server",
"@product": "Open Enterprise Server",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/a:suse:suse_sles",
"@product": "SUSE SLES",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/a:x.org:x.org_x11",
"@product": "X.Org X11",
"@vendor": "X.Org Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:xfree86_project:xfree86",
"@product": "XFree86",
"@vendor": "XFree86 Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:canonical:ubuntu_linux",
"@product": "Ubuntu",
"@vendor": "Canonical",
"@version": "2.2"
},
{
"#text": "cpe:/o:fedoraproject:fedora",
"@product": "Fedora",
"@vendor": "Fedora Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:gentoo:linux_x11",
"@product": "Gentoo Linux x11-base/xorg-server",
"@vendor": "Gentoo Foundation, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:gentoo:linux_x11-libs",
"@product": "Gentoo Linux x11-libs/libXfont",
"@vendor": "Gentoo Foundation, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:ibm:aix",
"@product": "IBM AIX",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:mandriva:linux-xfree86",
"@product": "Mandriva Linux XFree86",
"@vendor": "Mandriva, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:mandriva:linux-xorg",
"@product": "Mandriva Linux xorg-x11",
"@vendor": "Mandriva, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:openbsd:openbsd",
"@product": "OpenBSD",
"@vendor": "OpenBSD",
"@version": "2.2"
},
{
"#text": "cpe:/o:opensuse_project:opensuse",
"@product": "openSUSE",
"@vendor": "openSUSE project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_desktop",
"@product": "Novell Linux Desktop",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_enterprise_desktop",
"@product": "SUSE Linux Enterprise Desktop",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_enterprise_server",
"@product": "SUSE Linux Enterprise Server",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_pos",
"@product": "Novell Linux POS",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:suse_linux",
"@product": "SUSE LINUX",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:suse_sle_sdk",
"@product": "SLE SDK",
"@vendor": "SUSE",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.4",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-001043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88935101/index.html",
"@id": "JVN#88935101",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
"@id": "TRTA08-079A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006",
"@id": "CVE-2008-0006",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006",
"@id": "CVE-2008-0006",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200806_XOrg_press_en.html",
"@id": "Security Alert for X.Org Foundation X Server Vulnerability",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
"@id": "SA08-079A",
"@source": "CERT-SA"
},
{
"#text": "http://www.kb.cert.org/vuls/id/203220",
"@id": "VU#203220",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
"@id": "TA08-079A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/28532/",
"@id": "SA28532",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/27352",
"@id": "27352",
"@source": "BID"
},
{
"#text": "http://securitytracker.com/id?1019232",
"@id": "1019232",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0179",
"@id": "FrSIRT/ADV-2008-0179",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html",
"@id": "JVNDB-2008-001043",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "X.Org Foundation X server buffer overflow vulnerability"
}
JVNDB-2007-000819
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2013-07-18 18:58
Summary
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Details
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
"dc:date": "2013-07-18T18:58+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2013-07-18T18:58+09:00",
"description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:http_server",
"@product": "Apache HTTP Server",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_studio",
"@product": "Interstage Studio",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"@product": "Systemwalker Resource Coordinator",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:http_server",
"@product": "IBM HTTP Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:oracle:http_server",
"@product": "Oracle HTTP Server",
"@vendor": "Oracle Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_application_stack",
"@product": "Red Hat Application Stack",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:wanbooster",
"@product": "WanBooster",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
"@product": "Turbolinux Appliance Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000819",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80057925/index.html",
"@id": "JVN#80057925",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
"@id": "TRTA08-079A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000",
"@id": "CVE-2007-5000",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000",
"@id": "CVE-2007-5000",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/28046",
"@id": "SA28046",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/28073",
"@id": "SA28073",
"@source": "SECUNIA"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4201",
"@id": "FrSIRT/ADV-2007-4201",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4202",
"@id": "FrSIRT/ADV-2007-4202",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\""
}
JVNDB-2007-000297
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:47
Summary
Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
Details
Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
"dc:date": "2008-07-11T13:47+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-07-11T13:47+09:00",
"description": "Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nApache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.\r\n\r\nThe vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:webotx_application_server",
"@product": "WebOTX Application Server",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000297",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16535199/index.html",
"@id": "JVN#16535199",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358",
"@id": "CVE-2007-1358",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358",
"@id": "CVE-2007-1358",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/25721",
"@id": "SA25721",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24524",
"@id": "24524",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1018269",
"@id": "1018269",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1729",
"@id": "FrSIRT/ADV-2007-1729",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability"
}
JVNDB-2008-000009
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2010-01-05 12:14
Summary
Apache Tomcat fails to properly handle cookie value
Details
Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser.
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.
The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
"dc:date": "2010-01-05T12:14+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2010-01-05T12:14+09:00",
"description": "Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user\u0027s web browser.\r\n\r\nApache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.\r\n\r\nThe developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
"@product": "TrendMicro InterScan Messaging Security Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"@product": "InterScan Messaging Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_appliance",
"@product": "TrendMicro InterScan Web Security Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_suite",
"@product": "TrendMicro InterScan Web Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:server",
"@product": "VMware Server",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:vcenter",
"@product": "VMware vCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:virtualcenter",
"@product": "VMware VirtualCenter",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000009",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09470767/index.html",
"@id": "JVN#09470767",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333",
"@id": "CVE-2007-5333",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5333",
"@id": "CVE-2007-5333",
"@source": "NVD"
},
{
"#text": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/97.html",
"@id": "SNS Advisory No.97",
"@source": "SNSDB"
},
{
"#text": "http://secunia.com/advisories/28878",
"@id": "SA28878",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/27706",
"@id": "27706",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0488",
"@id": "FrSIRT/ADV-2008-0488",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Apache Tomcat fails to properly handle cookie value"
}
JVNDB-2007-000329
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-06-06 16:22
Summary
Java Web Start vulnerable to execution of unauthorized system classes
Details
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
"dc:date": "2008-06-06T16:22+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-06-06T16:22+09:00",
"description": "Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.\r\n\r\nJava Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
"sec:cpe": [
{
"#text": "cpe:/a:allied_telesis_k.k.:ssl_vpn-plus",
"@product": "SSL VPN-Plus",
"@vendor": "Allied Telesis",
"@version": "2.2"
},
{
"#text": "cpe:/a:allied_telesis_k.k.:swimradius",
"@product": "SwimRadius",
"@vendor": "Allied Telesis",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:jrockit",
"@product": "BEA JRockit",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:tw703000",
"@product": "TW703000",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_deploymentmanager",
"@product": "WebSAM DeploymentManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jdk",
"@product": "JDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jre",
"@product": "JRE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:sdk",
"@product": "SDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000329",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN44724673/index.html",
"@id": "JVN#44724673",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435",
"@id": "CVE-2007-2435",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2435",
"@id": "CVE-2007-2435",
"@source": "NVD"
},
{
"#text": "http://www.jpcert.or.jp/wr/2007/wr071701.txt",
"@id": "JPCERT-WR-2007-1701",
"@source": "JPCERT-WR"
},
{
"#text": "http://secunia.com/advisories/25069/",
"@id": "SA25069",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/23728",
"@id": "23728",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/33984",
"@id": "33984",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017986",
"@id": "1017986",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1598",
"@id": "FrSIRT/ADV-2007-1598",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Java Web Start vulnerable to execution of unauthorized system classes"
}
JVNDB-2007-000457
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:48
Summary
Apache Tomcat cross-site scripting vulnerability
Details
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.
Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.
Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
"dc:date": "2008-07-11T13:48+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-07-11T13:48+09:00",
"description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.\r\n\r\nApache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.\r\nApache Tomcat Web Application Manager contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000457",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07100457/index.html",
"@id": "JVN#07100457",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450",
"@id": "CVE-2007-2450",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2450",
"@id": "CVE-2007-2450",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/25678/",
"@id": "SA25678",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24475",
"@id": "24475",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/34868",
"@id": "34868",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1018245",
"@id": "1018245",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2213",
"@id": "FrSIRT/ADV-2007-2213",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Apache Tomcat cross-site scripting vulnerability"
}
JVNDB-2008-000016
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-10-09 13:35
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"dc:date": "2008-10-09T13:35+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-10-09T13:35+09:00",
"description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jdk",
"@product": "JDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jre",
"@product": "JRE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:sdk",
"@product": "SDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000016",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA08-066A/index.html",
"@id": "JVNTA08-066A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN04032535/index.html",
"@id": "JVN#04032535",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA08-066A/index.html",
"@id": "TRTA08-066A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html",
"@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html",
"@id": "SA08-066A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html",
"@id": "TA08-066A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/29273",
"@id": "SA29273",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/28083",
"@id": "28083",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/41025",
"@id": "41025",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1019548",
"@id": "1019548",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0770",
"@id": "FrSIRT/ADV-2008-0770",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html",
"@id": "JVNDB-2008-000016",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations"
}
JVNDB-2007-000456
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-11 13:48
Summary
Apache Tomcat sample web application cross-site scripting vulnerability
Details
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000456.html",
"dc:date": "2008-07-11T13:48+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-07-11T13:48+09:00",
"description": "Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\njsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000456.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000456",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN64851600/index.html",
"@id": "JVN#64851600",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449",
"@id": "CVE-2007-2449",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2449",
"@id": "CVE-2007-2449",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/24476",
"@id": "24476",
"@source": "BID"
},
{
"#text": "http://securitytracker.com/id?1018245",
"@id": "1018245",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2213",
"@id": "FrSIRT/ADV-2007-2213",
"@source": "FRSIRT"
}
],
"title": "Apache Tomcat sample web application cross-site scripting vulnerability"
}
JVNDB-2005-000727
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2014-05-22 18:03
Summary
mod_imap cross-site scripting vulnerability
Details
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability because they do not handle HTTP_REFERER properly when referer values are used in an image map.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
"dc:date": "2014-05-22T18:03+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2014-05-22T18:03+09:00",
"description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:http_server",
"@product": "Apache HTTP Server",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"@product": "Cosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
"@product": "Cosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"@product": "Cosminexus Application Server Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"@product": "Cosminexus Developer Light Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"@product": "Cosminexus Developer Professional Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"@product": "Cosminexus Developer Standard Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
"@product": "Cosminexus Developer Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
"@product": "Cosminexus Server - Enterprise Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
"@product": "Cosminexus Server - Standard Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
"@product": "Cosminexus Server - Standard Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
"@product": "Cosminexus Server - Web Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
"@product": "Cosminexus Server - Web Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"@product": "uCosminexus Application Server Smart Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:http_server",
"@product": "IBM HTTP Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:oracle:http_server",
"@product": "Oracle HTTP Server",
"@vendor": "Oracle Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000727",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06045169/index.html",
"@id": "JVN#06045169",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
"@id": "TRTA08-079A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
"@id": "CVE-2005-3352",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352",
"@id": "CVE-2005-3352",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
"@id": "SA08-079A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
"@id": "SA08-150A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
"@id": "TA08-079A",
"@source": "CERT-TA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
"@id": "TA08-150A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/15834",
"@id": "15834",
"@source": "BID"
}
],
"title": "mod_imap cross-site scripting vulnerability"
}
JVNDB-2007-000560
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
Safari URL spoofing vulnerability
Details
Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.
Apple's Safari is a web browser installed by default with Mac OS X.
There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users.
This could be done by using Unicode characters that look like ASCII characters in URL strings.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Apple\u0027s Safari contains a vulnerability that allows spoofing of URLs in the address bar.\r\n\r\nApple\u0027s Safari is a web browser installed as default with Mac OS X.\r\n\r\nThere is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. \r\nThis could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html",
"sec:cpe": [
{
"#text": "cpe:/a:apple:safari",
"@product": "Safari",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:apple:iphone",
"@product": "iPhone",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000560",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16018033/index.html",
"@id": "JVN#16018033",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742",
"@id": "CVE-2007-3742",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742",
"@id": "CVE-2007-3742",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/24636",
"@id": "24636",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/35716",
"@id": "35716",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2730",
"@id": "FrSIRT/ADV-2007-2730",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-399",
"@title": "Resource Management Errors(CWE-399)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Safari URL spoofing vulnerability"
}
JVNDB-2005-000804
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-07-07 18:04
Summary
Tomcat vulnerable in request processing
Details
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests.
To avoid this vulnerability, use a connector other than the AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html",
"dc:date": "2008-07-07T18:04+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-07-07T18:04+09:00",
"description": "Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests.\r\n\r\nTo avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:campusmate_portal",
"@product": "Campusmate/Portal",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:internet_navigware_server",
"@product": "Internet Navigware Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_list_manager",
"@product": "Interstage List Manager",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_primary_server",
"@product": "Cosminexus Primary Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:embedded_cosminexus_server",
"@product": "Embedded Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:webotx_application_server",
"@product": "WebOTX Application Server",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_systemmanager",
"@product": "WebSAM SystemManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:spectral_wave_manager",
"@product": "Spectral Wave Manager Series",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000804",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN79314822/index.html",
"@id": "JVN#79314822",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164",
"@id": "CVE-2005-3164",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164",
"@id": "CVE-2005-3164",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/17019",
"@id": "SA17019",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/15003",
"@id": "15003",
"@source": "BID"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Tomcat vulnerable in request processing"
}
JVNDB-2007-000817
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-02-10 11:32
Summary
Flash Player vulnerable in handling cross-domain policy files
Details
Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible."
Flash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
"dc:date": "2009-02-10T11:32+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2009-02-10T11:32+09:00",
"description": "Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nAccording to Adobe\u0027s \"About allowing cross-domain data loading\", \"When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible.\"\r\nFlash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_wizpy",
"@product": "wizpy",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000817",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45675516/index.html",
"@id": "JVN#45675516",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
"@id": "TRTA07-355A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-100A/",
"@id": "TRTA08-100A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243",
"@id": "CVE-2007-6243",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243",
"@id": "CVE-2007-6243",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
"@id": "SA08-150A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
"@id": "TA08-150A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/28161",
"@id": "SA28161",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/39129",
"@id": "39129",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1019116",
"@id": "1019116",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4258",
"@id": "FrSIRT/ADV-2007-4258",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/2838",
"@id": "FrSIRT/ADV-2008-2838",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.html",
"@id": "JVNDB-2007-000817",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Flash Player vulnerable in handling cross-domain policy files"
}