JVN Info.
- Id
- 31811
- Name
- JVNDB-2011-002051
- Title
- Arbitrary code execution vulnerability in WebKit as used in Apple Safari
- Summary
- WebKit, as used in Apple Safari, contains a vulnerability that allows arbitrary code execution or a denial-of-service condition (memory corruption and application crash).
- Nvdinfo
- CVE-2011-0234
- Cvssv2
- 9.3
- Jvnurl
- http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002051.html
- Published Date
- 2011-07-21
- Registered Date
- 2011-08-08
- Last Updated Date
- 2011-08-08
Related Nessuslogs
Id | Log ID | Jvninfo Id | Plugin ID | CVE | CVSS | Risk | Host | Protocol | Port | Name | Synopsis | Description | Solution | See Also | Plugin Output | Actions |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
52126 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 31811 | 81085 | CVE-2014-3660 | 7.1 | High | 172.16.240.150 | tcp | 0 | ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE) | The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. | The remote VMware ESXi host is version 5.5 prior to build 2352327. It is, therefore, affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the "POODLE" issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the "no-ssl3" build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A denial of service vulnerability in libxml2 due to entity expansion even when entity substitution is disabled. A remote attacker, using a crafted XML document containing larger number of nested entity references, can cause the consumption of CPU resources. (CVE-2014-3660) - An unspecified privilege escalation vulnerability. (CVE-2014-8370) - An unspecified denial of service vulnerability due to an input validation issue in the VMware Authorization process (vmware-authd). (CVE-2015-1044) | Apply patch ESXi550-201403102-SG and ESXi550-201501101-SG for ESXi 5.5. | https://www.vmware.com/security/advisories/VMSA-2015-0001.html https://www.imperialviolet.org/2014/10/14/poodle.html https://www.openssl.org/~bodo/ssl-poodle.pdf https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 | ESXi version : ESXi 5.5 Installed build : 1892794 Fixed build : 2352327 | |
57695 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 31811 | 81085 | CVE-2014-3660 | 7.1 | High | 172.16.240.150 | tcp | 0 | ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE) | The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. | The remote VMware ESXi host is version 5.5 prior to build 2352327. It is, therefore, affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the "POODLE" issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the "no-ssl3" build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A denial of service vulnerability in libxml2 due to entity expansion even when entity substitution is disabled. A remote attacker, using a crafted XML document containing larger number of nested entity references, can cause the consumption of CPU resources. (CVE-2014-3660) - An unspecified privilege escalation vulnerability. (CVE-2014-8370) - An unspecified denial of service vulnerability due to an input validation issue in the VMware Authorization process (vmware-authd). (CVE-2015-1044) | Apply patch ESXi550-201403102-SG and ESXi550-201501101-SG for ESXi 5.5. | https://www.vmware.com/security/advisories/VMSA-2015-0001.html https://www.imperialviolet.org/2014/10/14/poodle.html https://www.openssl.org/~bodo/ssl-poodle.pdf https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 | ESXi version : ESXi 5.5 Installed build : 1892794 Fixed build : 2352327 | |