JVN Info.

Id
50754  
Name
JVNDB-2008-006064  
Title
PunBB におけるクロスサイトスクリプティングの脆弱性  
Summary
PunBB は、(1) include/parser.php および (2) moderate.php に関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。  
Nvdinfo
CVE-2008-3336  
Cvssv2
4.3  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006064.html  
Published Date
2008-07-14  
Registered Date
2012-12-20  
Last Updated Date
2012-12-20  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
51135 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50754 42880 CVE-2009-3555 5.8 Medium 172.16.240.115 tcp 443 SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection The remote service allows insecure renegotiation of TLS / SSL connections. The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same "client" and merges them at the application layer. Contact the vendor for specific patch information. http://www.ietf.org/mail-archive/web/tls/current/msg03948.html http://www.g-sec.lu/practicaltls.pdf http://tools.ietf.org/html/rfc5746 TLSv1 supports insecure renegotiation. SSLv3 supports insecure renegotiation.
51490 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50754 89674 CVE-2009-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5 Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0003 http://lists.vmware.com/pipermail/security-announce/2011/000140.html Version : ESX 4.0 Installed build : 208167 Fixed build : 360236
51893 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50754 89742 CVE-2009-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check) The remote VMware ESX host is missing a security-related patch. The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Berkeley DB NSS module - cURL / libcURL - GnuTLS - Network Security Services (NSS) Library - OpenLDAP - OpenSSL - OpenSSL Kerberos - sudo Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 4.0 / 4.1. http://lists.vmware.com/pipermail/security-announce/2010/000110.html Version : ESX 4.0 Installed build : 208167 Fixed build : 294855
51903 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50754 89745 CVE-2009-3555 7.5 High 172.16.240.115 tcp 443 VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check) The remote VMware ESX host is missing a security-related patch. The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bzip2 - Network Security Services (NSS) Library - OpenSSL - Samba Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1. http://lists.vmware.com/pipermail/security-announce/2011/000134.html Version : ESX 4.0 Installed build : 208167 Fixed build : 360236
56715 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50754 42880 CVE-2009-3555 5.8 Medium 172.16.240.115 tcp 443 SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection The remote service allows insecure renegotiation of TLS / SSL connections. The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same "client" and merges them at the application layer. Contact the vendor for specific patch information. http://www.ietf.org/mail-archive/web/tls/current/msg03948.html http://www.g-sec.lu/practicaltls.pdf http://tools.ietf.org/html/rfc5746 TLSv1 supports insecure renegotiation. SSLv3 supports insecure renegotiation.
57071 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50754 89674 CVE-2009-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5 Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1. https://www.vmware.com/security/advisories/VMSA-2011-0003 http://lists.vmware.com/pipermail/security-announce/2011/000140.html Version : ESX 4.0 Installed build : 208167 Fixed build : 360236
57474 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50754 89742 CVE-2009-3555 10 Critical 172.16.240.115 tcp 443 VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check) The remote VMware ESX host is missing a security-related patch. The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Berkeley DB NSS module - cURL / libcURL - GnuTLS - Network Security Services (NSS) Library - OpenLDAP - OpenSSL - OpenSSL Kerberos - sudo Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 4.0 / 4.1. http://lists.vmware.com/pipermail/security-announce/2010/000110.html Version : ESX 4.0 Installed build : 208167 Fixed build : 294855
57484 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50754 89745 CVE-2009-3555 7.5 High 172.16.240.115 tcp 443 VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check) The remote VMware ESX host is missing a security-related patch. The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bzip2 - Network Security Services (NSS) Library - OpenSSL - Samba Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1. http://lists.vmware.com/pipermail/security-announce/2011/000134.html Version : ESX 4.0 Installed build : 208167 Fixed build : 360236