JVN Info.

Id
14933  
Name
JVNDB-2014-003808  
Title
Bugzilla の jsonrpc.cgi の WebService/Server/JSONRPC.pm の JSONP エンドポイント内の response 関数におけるクロスサイトリクエストフォージェリ攻撃を実行される脆弱性  
Summary
Bugzilla の jsonrpc.cgi の WebService/Server/JSONRPC.pm の JSONP エンドポイント内の response 関数は、特定の過度に長いコールバック値を受け入れ、JSONP レスポンスの最初のバイトを制限しないため、クロスサイトリクエストフォージェリ攻撃を実行され、重要な情報を取得される脆弱性が存在します。  
Nvdinfo
CVE-2014-1546  
Cvssv2
4.3  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003808.html  
Published Date
2014-07-24  
Registered Date
2014-08-15  
Last Updated Date
2014-08-15  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
51686 H28_MUN_DWEB_Q4_172_16_240_seg.csv 14933 89681 CVE-2010-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0013 http://lists.vmware.com/pipermail/security-announce/2012/000169.html Version : ESX 4.0 Installed build : 208167 Fixed build : 660575
57267 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 14933 89681 CVE-2010-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0013 http://lists.vmware.com/pipermail/security-announce/2012/000169.html Version : ESX 4.0 Installed build : 208167 Fixed build : 660575