Information Security

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 13 September 2011
SecurityVulns ID: 11900
Severity level:
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: JBOSS : JBoss 3.2
 JBOSS : JBoss 4.0
 MANTIS : Mantis 1.1
 VMWARE : Spring Security 3.0
 VMWARE : Spring Security 2.0
 HBCUMULUS : HB-Cumulus for Habari 1.4
 EZ : EZcumulus 1.0
 EXPRESSION : Simple Tags for Expression Engine 1.6
 SERENDIPITY : Freetag 3.28
 PHPFUSION : Animated tag cloud for PHP-Fusion 1.4
 MAGNETO : 3D Advanced Tags Clouds 2.0
 JBOSS : JBoss 5.0
 PAPOO : CMS Papoo Light 4.0
 BCFG2 : bcfg2 1.1
CVE:CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.)
 CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.)
 CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.)
 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.)
 CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.)
 CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.)
 CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection.")
Original text: DEBIAN, [SECURITY] [DSA 2302-1] bcfg2 security update (13.09.2011)
 VMWARE, CVE-2011-2730: Spring Framework Information Disclosure (13.09.2011)
 VMWARE, CVE-2011-2732: Spring Security header injection vulnerability (13.09.2011)
 VMWARE, CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities (13.09.2011)
 VMWARE, CVE-2011-2731: Spring Security privilege escalation when using RunAsManager (13.09.2011)
 sschurtz_(at)_t-online.de, Multiple XSS vulnerabilities in CMS Papoo Light Version (13.09.2011)
 DEBIAN, [SECURITY] [DSA 2308-1] mantis security update (13.09.2011)
 MustLive, Vulnerabilities in JBoss Application Server (13.09.2011)
 MustLive, Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (13.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod