
Test ID: 1.3.6.1.4.1.25623.1.0.68959
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: bugzilla
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: bugzilla

CVE-2010-4568
Bugzilla 2.14 through 2.22.7, 3.0.x, 3.1.x, and 3.2.x before 3.2.10,
3.4.x before 3.4.10, 3.6.x before 3.6.4 and 4.0.x before 4.0rc2 does
not properly generate random values for cookies and tokens, which
allows remote attackers to obtain access to arbitrary accounts via
unspecified vectors.

CVE-2010-2761
The multipart_init function in (1) CGI.pm before 3.50 and (2)
Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of
the MIME boundary string in multipart/x-mixed-replace content, which
allows remote attackers to inject arbitrary HTTP headers and conduct
HTTP response splitting attacks via crafted input.

CVE-2010-4411
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote
attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via unknown vectors. NOTE: this issue exists because
of an incomplete fix for CVE-2010-2761.

CVE-2010-4572
CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10,
3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2
allows remote attackers to inject arbitrary HTTP headers and conduct
HTTP response splitting attacks via the query string, a different
vulnerability than CVE-2010-2761 and CVE-2010-4411.

CVE-2010-4567
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and
4.0.x before 4.0rc2 does not properly handle whitespace preceding a
(1) javascript: or (2) data: URI, which allows remote attackers to
conduct cross-site scripting (XSS) attacks.

CVE-2010-0048
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash).

CVE-2011-0046
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla
before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x
before 4.0rc2 allow remote attackers to hijack the authentication of
arbitrary users for requests related to (1) adding a saved search in
buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in
sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5)
column changing in colchange.cgi, and (6) adding, deleting, or
approving a quip in quips.cgi.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 25425
Common Vulnerability Exposure (CVE) ID: CVE-2010-4568
BugTraq ID: 45982
http://www.securityfocus.com/bid/45982
Debian Security Information: DSA-2322
http://www.debian.org/security/2011/dsa-2322
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70700
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
XForce ISS Database: bugzilla-number-security-bypass(65001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65001
Common Vulnerability Exposure (CVE) ID: CVE-2010-2761
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://openwall.com/lists/oss-security/2010/12/01/1
http://openwall.com/lists/oss-security/2010/12/01/2
http://openwall.com/lists/oss-security/2010/12/01/3
http://osvdb.org/69588
http://osvdb.org/69589
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://secunia.com/advisories/42877
http://secunia.com/advisories/43068
http://secunia.com/advisories/43147
SuSE Security Announcement: SUSE-SR:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0249
Common Vulnerability Exposure (CVE) ID: CVE-2010-4411
http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
http://www.vupen.com/english/advisories/2011/0106
Common Vulnerability Exposure (CVE) ID: CVE-2010-4572
http://osvdb.org/70703
XForce ISS Database: bugzilla-chartcgi-response-splitting(65440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65440
Common Vulnerability Exposure (CVE) ID: CVE-2010-4567
http://osvdb.org/70699
XForce ISS Database: bugzilla-urlfield-xss(65004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65004
Common Vulnerability Exposure (CVE) ID: CVE-2010-0048
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
BugTraq ID: 38671
http://www.securityfocus.com/bid/38671
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7135
http://www.securitytracker.com/id?1023708
http://secunia.com/advisories/41856
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0552
Common Vulnerability Exposure (CVE) ID: CVE-2011-0046
http://osvdb.org/70705
http://osvdb.org/70706
http://osvdb.org/70707
http://osvdb.org/70708
http://osvdb.org/70709
http://osvdb.org/70710
XForce ISS Database: bugzilla-unspec-csrf(65003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is just one of 99761 vulnerability tests in our test package. Find out more about our complete security checks.

To run a free test for this vulnerability on your system, please register below.




© 1998-2024 E-Soft Inc. All rights reserved.