Vulnerability Summary for the Week of February 14, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aretimes -- com_maianmedia | SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php. | 2011-02-15 | 7.5 | CVE-2010-4739 BID OSVDB EXPLOIT-DB SECUNIA MISC |
djangoproject -- django | Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. | 2011-02-14 | 7.5 | CVE-2011-0698 CONFIRM MLIST |
ecommercemax -- digital-goods_seller | SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter. | 2011-02-15 | 7.5 | CVE-2010-4735 BID EXPLOIT-DB SECUNIA OSVDB |
gatesoft -- docusafe | SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information. | 2011-02-15 | 7.5 | CVE-2010-4736 BID EXPLOIT-DB SECUNIA MISC |
hotwebscripts -- hotweb_rentals | SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | 2011-02-15 | 7.5 | CVE-2010-4737 BID EXPLOIT-DB SECUNIA MISC |
ibm -- informix_dynamic_server | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. | 2011-02-14 | 9.3 | CVE-2011-1033 MISC XF VUPEN BID BUGTRAQ SECUNIA MISC |
intellicom -- netbiter_easyconnect_ec150 | cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463. | 2011-02-14 | 9.0 | CVE-2010-4732 MISC CERT-VN BUGTRAQ |
intellicom -- netbiter_easyconnect_ec150 | WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463. | 2011-02-14 | 10.0 | CVE-2010-4733 MISC BUGTRAQ |
microsoft -- windows_2003_server | Heap-based buffer overflow in Mrxsmb.sys in Microsoft Windows Server 2003 Active Directory allows remote attackers to execute arbitrary code via a crafted BROWSER ELECTION request. | 2011-02-15 | 10.0 | CVE-2011-0654 BID EXPLOIT-DB FULLDISC |
raemedia -- real_estate_single_and_multi_agent_system | Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System. | 2011-02-15 | 7.5 | CVE-2010-4738 BID BID SECUNIA MISC OSVDB OSVDB |
scadaengine -- bacnet_opc_client | Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message. | 2011-02-15 | 9.3 | CVE-2010-4740 MISC CERT-VN BID SECUNIA MISC |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2011-02-17 | 7.6 | CVE-2010-4422 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 2011-02-17 | 7.6 | CVE-2010-4451 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | 2011-02-17 | 10.0 | CVE-2010-4452 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | 2011-02-17 | 10.0 | CVE-2010-4454 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | 2011-02-17 | 10.0 | CVE-2010-4462 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2011-02-17 | 10.0 | CVE-2010-4463 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | 2011-02-17 | 10.0 | CVE-2010-4465 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2011-02-17 | 10.0 | CVE-2010-4467 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | 2011-02-17 | 10.0 | CVE-2010-4469 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | 2011-02-17 | 10.0 | CVE-2010-4473 CONFIRM |
vmware -- esx | Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. | 2011-02-17 | 7.8 | CVE-2011-0355 XF VUPEN VUPEN CONFIRM BID BUGTRAQ OSVDB CONFIRM SECTRACK SECUNIA MLIST |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- continuum | Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table. | 2011-02-17 | 4.3 | CVE-2011-0533 CONFIRM CONFIRM FULLDISC XF VUPEN BID BUGTRAQ SECTRACK SECUNIA MLIST CONFIRM CONFIRM |
djangoproject -- django | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | 2011-02-14 | 6.8 | CVE-2011-0696 CONFIRM CONFIRM MLIST |
djangoproject -- django | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. | 2011-02-14 | 4.3 | CVE-2011-0697 CONFIRM CONFIRM MLIST |
ibm -- lotus_connections | Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene." | 2011-02-14 | 4.3 | CVE-2011-1030 AIXAPAR CONFIRM SECTRACK SECUNIA |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | 2011-02-14 | 4.3 | CVE-2008-7274 AIXAPAR |
ibm -- lotus_connections | IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | 2011-02-14 | 6.8 | CVE-2011-1032 CONFIRM AIXAPAR SECUNIA |
ibm -- rational_build_forge | Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. NOTE: some of these details are obtained from third party information. | 2011-02-15 | 4.3 | CVE-2011-1034 VUPEN BID OSVDB AIXAPAR SECTRACK SECUNIA |
intellicom -- netbiter_easyconnect_ec150 | Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463. | 2011-02-14 | 6.8 | CVE-2010-4730 MISC CERT-VN BUGTRAQ |
intellicom -- netbiter_easyconnect_ec150 | Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463. | 2011-02-14 | 6.8 | CVE-2010-4731 MISC CERT-VN BUGTRAQ |
phpmyadmin -- phpmyadmin | phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. | 2011-02-14 | 5.0 | CVE-2011-0986 CONFIRM CONFIRM MANDRIVA |
phpmyadmin -- phpmyadmin | The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | 2011-02-14 | 6.5 | CVE-2011-0987 CONFIRM CONFIRM VUPEN MANDRIVA |
ruby_on_rails -- ruby_on_rails | Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. | 2011-02-14 | 4.3 | CVE-2011-0446 MLIST |
ruby_on_rails -- ruby_on_rails | Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | 2011-02-14 | 6.8 | CVE-2011-0447 CONFIRM MLIST |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | 2011-02-17 | 4.3 | CVE-2010-4447 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | 2011-02-17 | 5.0 | CVE-2010-4466 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | 2011-02-17 | 4.0 | CVE-2010-4468 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. | 2011-02-17 | 5.0 | CVE-2010-4470 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. | 2011-02-17 | 5.0 | CVE-2010-4471 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | 2011-02-17 | 4.3 | CVE-2010-4475 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect availability via unknown vectors related to Java Language and unspecified APIs. | 2011-02-17 | 5.0 | CVE-2010-4476 CONFIRM |
zohocorp -- manageengine_adselfservice_plus | accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | 2011-02-17 | 4.3 | CVE-2010-3272 XF VUPEN BID BUGTRAQ OSVDB MISC SECUNIA |
zohocorp -- manageengine_adselfservice_plus | ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | 2011-02-17 | 5.0 | CVE-2010-3273 XF VUPEN BID BUGTRAQ OSVDB MISC SECUNIA |
zohocorp -- manageengine_adselfservice_plus | Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | 2011-02-17 | 4.3 | CVE-2010-3274 XF VUPEN BID BUGTRAQ OSVDB OSVDB MISC SECUNIA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amix -- skeletonz_cms_1.0 | Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information. | 2011-02-15 | 2.6 | CVE-2010-4734 BID OSVDB EXPLOIT-DB SECUNIA MISC |
daniel_friesel -- feh | The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | 2011-02-14 | 3.3 | CVE-2011-0702 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM SECUNIA |
daniel_friesel -- feh | The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. | 2011-02-14 | 3.3 | CVE-2011-1031 CONFIRM CONFIRM CONFIRM MISC SECUNIA |
ibm -- rational_team_concert | Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. | 2011-02-14 | 3.5 | CVE-2011-1029 XF VUPEN BID AIXAPAR SECUNIA |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. | 2011-02-17 | 2.6 | CVE-2010-4448 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. | 2011-02-17 | 3.7 | CVE-2010-4450 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. | 2011-02-17 | 2.6 | CVE-2010-4472 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23 and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | 2011-02-17 | 2.1 | CVE-2010-4474 CONFIRM |
vmware -- vcenter_server | The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | 2011-02-15 | 2.1 | CVE-2010-2928 CONFIRM CONFIRM BUGTRAQ SECUNIA |