Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR User Manual, Page 2

NIPC CyberNotes #2002-12 Page 2 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Allaire [4] | Multiple | ColdFusion Server MX Professional, Enterprise Developer | A Cross-Site Scripting vulnerability exists in the default Missing Template handler because malicious script code may be included in a missing template URI, which could let a malicious user execute arbitrary code. | Patch available at: http://download.macromedia.com/pub/security_zone/cfmx/MPSB02-03.zip | ColdFusion Missing Template Cross Site Scripting | High | Bug discussed in newsgroups and websites. |
| AnalogX [5] | Multiple | Simple Server: WWW 1.16 | A remote Denial of Service vulnerability exists when a malicious user connects via Telnet and makes an invalid request to the server. | No workaround or patch available at time of publishing. | SimpleServer: WWW Web Remote Denial of Service | Low | Bug discussed in newsgroups and websites. There is no exploit code required. |
| Apache Software Foundation [6] | Unix | Tomcat 3.2, 3.2.1, 3.3, 3.3.1, 4.0-4.0.3, 4.1 | A Denial of Service vulnerability exists when Tomcat encounters a malicious JSP page. | No workaround or patch available at time of publishing. | Tomcat JSP Denial of Service | Low | Bug discussed in newsgroups and websites. Proof of Concept exploit has been published. |
| Ayman Akt [7] | Unix | IRCIT 0.3.1 | A remote Buffer Overflow vulnerability exists when a maliciously formatted INVITE message is received, which could let a remote malicious user execute arbitrary code. | No workaround or patch available at time of publishing. | IRCIT Remote Buffer Overflow | High | Bug discussed in newsgroups and websites. Exploit script has been published. |
| Belkin [8] | Multiple | F5D5230-4 | A vulnerability exists when a forwarded request originates in the internal network and the originating IP is modified to reflect the external interface of the router, which could let a malicious user avoid detection. | No workaround or patch available at time of publishing. | F5D5230-4 Router Internal Web Request | Medium | Bug discussed in newsgroups and websites. There is no exploit code required. |
| BizDesign [9] | Multiple | ImageFolio 2.23, 2.24, 2.26 | A vulnerability exists due to weak access control to an unprotected setup script, which could let a remote malicious user obtain administrative access. | This issue has been fixed in version 2.27 of ImageFolio Pro. Customers are advised to contact the vendor for upgrade information. | ImageFolio Unauthorized Administrative Access | High | Bug discussed in newsgroups and websites. Vulnerability can be exploited via a web browser. |
| BizDesign [10] | Multiple | ImageFolio 2.23, 2.24, 2.26, 2.27 | A vulnerability exists when a category is created with a maliciously constructed name, which could let a remote malicious user obtain sensitive information. | No workaround or patch available at time of publishing. | ImageFolio Authorized User Web Root Disclosure | Medium | Bug discussed in newsgroups and websites. Exploit has been published. |

[4] Macromedia Security Bulletin, MPSB02-03, June 13, 2002.
[5] Bugtraq, June 13, 2002.
[6] Vulnwatch, June 11, 2002.
[7] Gobbles Security Lab, June 12, 2002.
[8] Bugtraq, June 9, 2002.
[9] Bugtraq, June 9, 2002.
[10] Bugtraq, June 9, 2002.