JVN Info.
- Id
- 12856
- Name
- JVNDB-2014-001731
- Title
- Mozilla Firefox および SeaMonkey におけるドメイン名を偽装される脆弱性
- Summary
- Mozilla Firefox および SeaMonkey には、WebRTC の (1) カメラ または (2) マイク の許可設定確認ダイアログのドメイン名を偽装される脆弱性が存在します。
- Nvdinfo
- CVE-2014-1499
- Cvssv2
- 5.8
- Jvnurl
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001731.html
- Published Date
- 2014-03-18
- Registered Date
- 2014-03-20
- Last Updated Date
- 2014-03-20
Related Nessuslogs
| Id | Log ID | Jvninfo Id | Plugin ID | CVE | CVSS | Risk | Host | Protocol | Port | Name | Synopsis | Description | Solution | See Also | Plugin Output | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 51588 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 12856 | 89676 | CVE-2010-1324 | 7.8 | High | 172.16.240.115 | tcp | 443 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) | The remote VMware ESX / ESXi host is missing a security-related patch. | The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021) - A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240) - A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785) - A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. | https://www.vmware.com/security/advisories/VMSA-2011-0007 http://lists.vmware.com/pipermail/security-announce/2011/000133.html | Version : ESX 4.0 Installed build : 208167 Fixed build : 392990 | |
| 57169 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 12856 | 89676 | CVE-2010-1324 | 7.8 | High | 172.16.240.115 | tcp | 443 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) | The remote VMware ESX / ESXi host is missing a security-related patch. | The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021) - A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240) - A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785) - A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. | https://www.vmware.com/security/advisories/VMSA-2011-0007 http://lists.vmware.com/pipermail/security-announce/2011/000133.html | Version : ESX 4.0 Installed build : 208167 Fixed build : 392990 |
