CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
486 | CVE-1999-0488 | Candidate | Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | Modified (19991205-01) | ACCEPT(2) Baker, Landfield; MODIFY(2) Frech, Wall; NOOP(2) Christey, Ozancin | Frech> XF:ie-mshtml-crossframe<br>Wall> (source: MSKB:Q168485)<br>Christey> CVE-1999-0469 appears to be a duplicate; prefer this one over that one, since this one has an MS advisory. Confirm with Microsoft that these are really duplicates.<br>Also review CVE-1999-0487, which appears to be a similar bug. | View |
487 | CVE-1999-0489 | Candidate | MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | Modified (19991205-01) | ACCEPT(1) Levy; MODIFY(1) Wall; NOOP(2) Baker, Ozancin; RECAST(1) Prosser; REJECT(1) Christey; REVIEWING(1) Frech | Frech> Wasn't Untrusted scripted paste MS98-015? I can find no mention of a clipboard in either. I cannot proceed on this one without further clarification.<br>Wall> (source: MS:MS99-012)<br>Prosser> agree with Andre here. The Untrusted Scripted paste vulnerability was originally addressed in MS98-015 and it is in the file upload intrinsic control in which an attacker can paste the name of a file on the target's drive in the control and a form submission would then send that file from the attacked machine to the remote web site. This one has nothing to do with the clipboard. What the advisory mentioned here, MS99-012, does is replace the MSHTML parsing engine which is supposed to fix the original Untrusted Scripted Paste issue and a variant, as well as the two Cross-Frame variants and a privacy issue in IMG SRC. The vulnerability that allowed reading of a user's clipboard is the Forms 2.0 Active X control vulnerability discussed in MS99-01<br>Christey> The advisory should have been listed as MS99-012. CVE-1999-0468 describes the untrusted scripted paste problem in MS99-012.<br>Frech> Pending response to guidance request. 12/6/01. | View |
488 | CVE-1999-0490 | Candidate | MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | Modified (19991205-01) | ACCEPT(2) Landfield, Wall; MODIFY(1) Frech; NOOP(2) Baker, Ozancin; REVIEWING(1) Christey | Frech> XF:ie-scriplet-fileread<br>Christey> Duplicate of CVE-1999-0347? | View |
282 | CVE-1999-0283 | Candidate | The Java Web Server would allow remote users to obtain the source code for CGI programs. | Modified (19991203-01) | ACCEPT(7) Baker, Blake, Cole, Collins, Dik, Northcutt, Wall; MODIFY(1) Frech; NOOP(5) Armstrong, Bishop, Christey, Landfield, Prosser; REVIEWING(1) Ozancin | Wall> Acknowledged by vendor at http://www.sun.com/software/jwebserver/techinfo/jws112info.html.<br>Baker> Vulnerability Reference (HTML) Reference Type<br>http://www.securityfocus.com/archive/1/7260 Misc Defensive Info<br>http://www.sun.com/software/jwebserver/techinfo/jws112info.html Vendor Info<br>Christey> BID:1891<br>URL:http://www.securityfocus.com/bid/1891<br>Christey> Add version number (1.1 beta) and details of attack (appending a . or a )<br>The Sun URL referenced by Dave Baker no longer exists, so I wasn't able to verify that it addressed the problem described in the Bugtraq post. This might not even be Sun's "Java Web Server," as CVE-2001-0186 describes some product called "Free Java Web Server"<br>Dik> There appears to be some confusion.<br>The particular bug seems to be on in JWS 1.1beta or 1.1 which was fixed in 1.1.2 (get foo.jthml source by appending "." of "" to URL)<br>There are other bugs that give access and that require a configuration change.<br>http://www.sun.com/software/jwebserver/techinfo/security_advisory.html<br>Christey> Need to make sure to create CAN's for the other bugs, as documented in:<br>NTBUGTRAQ:19980724 Alert: New Source Bug Affect Sun JWS<br>http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131622&w=2<br>BUGTRAQ:19980725 Alert: New Source Bug Affect Sun JWS<br>http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526086&w=2<br>The reported bugs are:<br>1) file read by appending %20<br>2) Directly call /servlet/file<br>URL:http://www.sddt.com/cgi-bin/Subscriber?/library/98/07/24/tbd.html<br>#2 is explicitly mentioned in the Sun advisory for CVE-1999-0283.<br>CHANGE> [Frech changed vote from REVIEWING to MODIFY]<br>Frech> XF:javawebserver-cgi-source(5383) | View |
215 | CVE-1999-0216 | Candidate | Denial of service of inetd on Linux through SYN and RST packets. | Modified (19991203-01) | ACCEPT(1) Hill; MODIFY(2) Baker, Frech; RECAST(1) Meunier | Meunier> The location of the vulnerability, whether in the Linux kernel or the application, is debatable. Any program making the same (reasonable) assumption is vulnerable, i.e., implements the same vulnerability: "Assumption that TCP-three-way handshake is complete after calling Linux kernel function accept(), which returns socket after getting SYN. Result is process death by SIGPIPE" Moreover, whether it results in DOS (to third parties) depends on the process that made the assumption. I think that the present entry should be split, one entry for every application that implements the vulnerability (really describing threat instances, which is what other people think about when we talk about vulnerabilities), and one entry for the Linux kernel that allows the vulnerability to happen.<br>Frech> XF:hp-inetd<br>XF:linux-inetd-dos<br>Baker> Since we have an hpux bulletin, the description should not specifically say Linux, should it? It applies to multiple OS and should be likely either modified, or in extreme case, recast | View |