Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar_http_server | 4.0 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| novell | edirectory | 8.7.1 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| cisco | webns | 7.1_0.2.06 |
| stonesoft | stonegate | 2.0.5 |
| freebsd | freebsd | 5.2.1 |
| novell | edirectory | 8.5 |
| cisco | ios | 12.1(11b)e14 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| redhat | openssl | 0.9.7a-2 |
| checkpoint | firewall-1 | next_generation_fp1 |
| stonesoft | stonegate | 2.2.4 |
| cisco | pix_firewall_software | 6.0 |
| stonesoft | stonegate | 2.0.9 |
| openbsd | openbsd | 3.4 |
| cisco | pix_firewall_software | 6.2 |
| checkpoint | vpn-1 | next_generation_fp2 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 2.5.1 |
| cisco | pix_firewall_software | 6.2(3) |
| vmware | gsx_server | 2.0 |
| sco | openserver | 5.0.6 |
| cisco | gss_4490_global_site_selector | * |
| cisco | threat_response | * |
| cisco | css_secure_content_accelerator | 1.0 |
| checkpoint | firewall-1 | next_generation_fp2 |
| stonesoft | stonegate | 2.0.8 |
| hp | wbem | a.02.00.01 |
| apple | mac_os_x | 10.3.3 |
| cisco | ios | 12.1(11)e |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| 4d | webstar | 5.3 |
| stonesoft | stonegate | 2.0.6 |
| stonesoft | stonegate_vpn_client | 1.7 |
| avaya | sg5 | 4.4 |
| stonesoft | stonegate | 1.7 |
| avaya | s8700 | r2.0.0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | wbem | a.01.05.08 |
| avaya | vsu | 5x |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| stonesoft | servercluster | 2.5 |
| avaya | s8500 | r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| cisco | pix_firewall_software | 6.0(2) |
| stonesoft | stonegate | 2.0.7 |
| cisco | mds_9000 | * |
| cisco | css11000_content_services_switch | * |
| openssl | openssl | 0.9.7 |
| checkpoint | firewall-1 | 2.0 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | firewall_services_module | 2.1_(0.208) |
| 4d | webstar | 5.2.2 |
| avaya | sg203 | 4.31.29 |
| cisco | call_manager | * |
| securecomputing | sidewinder | 5.2.0.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| novell | edirectory | 8.6.2 |
| avaya | intuity_audix | 5.1.46 |
| stonesoft | stonegate | 1.7.2 |
| openssl | openssl | 0.9.6i |
| freebsd | freebsd | 4.8 |
| openssl | openssl | 0.9.6j |
| neoteris | instant_virtual_extranet | 3.3 |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 1.6.3 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| hp | hp-ux | 11.23 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| avaya | sg203 | 4.4 |
| cisco | webns | 7.10_.0.06s |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| avaya | s8700 | r2.0.1 |
| stonesoft | stonebeat_webcluster | 2.5 |
| 4d | webstar | 5.2 |
| neoteris | instant_virtual_extranet | 3.2 |
| hp | aaa_server | * |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.2sy |
| stonesoft | stonegate | 1.5.18 |
| openssl | openssl | 0.9.6c |
| vmware | gsx_server | 3.0_build_7592 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| avaya | sg5 | 4.2 |
| avaya | vsu | 2000_r2.0.1 |
| cisco | webns | 6.10_b4 |
| redhat | openssl | 0.9.6-15 |
| novell | edirectory | 8.5.12a |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| checkpoint | vpn-1 | next_generation_fp1 |
| stonesoft | stonegate | 2.1 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall | 6.2.2_.111 |
| redhat | linux | 8.0 |
| cisco | ios | 12.2(14)sy |
| openssl | openssl | 0.9.6e |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| cisco | gss_4480_global_site_selector | * |
| hp | hp-ux | 8.05 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| openssl | openssl | 0.9.7c |
| cisco | application_and_content_networking_software | * |
| avaya | sg200 | 4.31.29 |
| securecomputing | sidewinder | 5.2 |
| cisco | firewall_services_module | 1.1.3 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| sco | openserver | 5.0.7 |
| checkpoint | provider-1 | 4.1 |
| freebsd | freebsd | 5.1 |
| cisco | pix_firewall_software | 6.1 |
| stonesoft | stonegate | 1.7.1 |
| neoteris | instant_virtual_extranet | 3.0 |
| stonesoft | stonegate | 1.6.2 |
| cisco | pix_firewall_software | 6.3(1) |
| 4d | webstar | 5.2.1 |
| tarantella | tarantella_enterprise | 3.20 |
| cisco | ios | 12.1(19)e1 |
| avaya | vsu | 5000_r2.0.1 |
| vmware | gsx_server | 2.0.1_build_2129 |
| checkpoint | vpn-1 | next_generation_fp0 |
| novell | edirectory | 8.7 |
| stonesoft | stonegate | 2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | pix_firewall_software | 6.1(4) |
| vmware | gsx_server | 2.5.1_build_5336 |
| openssl | openssl | 0.9.7b |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | ios | 12.2za |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | firewall_services_module | 1.1_(3.005) |
| novell | imanager | 1.5 |
| cisco | ios | 12.1(11b)e |
| avaya | sg5 | 4.3 |
| neoteris | instant_virtual_extranet | 3.1 |
| openbsd | openbsd | 3.3 |
| avaya | vsu | 500 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| avaya | s8300 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| cisco | pix_firewall_software | 6.1(1) |
| tarantella | tarantella_enterprise | 3.40 |
| avaya | sg208 | 4.4 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| checkpoint | firewall-1 | * |
| cisco | ciscoworks_common_services | 2.2 |
| novell | edirectory | 8.5.27 |
| stonesoft | servercluster | 2.5.2 |
| cisco | webns | 7.1_0.1.02 |
| sgi | propack | 2.3 |
| avaya | vsu | 100_r2.0.1 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| stonesoft | stonegate | 2.2.1 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | firewall_services_module | * |
| cisco | css_secure_content_accelerator | 2.0 |
| cisco | pix_firewall_software | 6.3(2) |
| hp | apache-based_web_server | 2.0.43.04 |
| hp | apache-based_web_server | 2.0.43.00 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | pix_firewall_software | 6.0(4.101) |
| freebsd | freebsd | 5.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall_software | 6.1(3) |
| hp | wbem | a.02.00.00 |
| avaya | intuity_audix | s3400 |
| dell | bsafe_ssl-j | 3.0.1 |
| stonesoft | stonegate | 2.0.4 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | intuity_audix | s3210 |
| avaya | vsu | 5 |
| avaya | converged_communications_server | 2.0 |
| redhat | enterprise_linux | 3.0 |
| avaya | vsu | 7500_r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| cisco | content_services_switch_11500 | * |
| sun | crypto_accelerator_4000 | 1.0 |
| cisco | secure_content_accelerator | 10000 |
| cisco | ios | 12.1(11b)e12 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| openssl | openssl | 0.9.7a |
| avaya | s8500 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| cisco | pix_firewall_software | 6.2(3.100) |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | next_generation_fp0 |
| novell | imanager | 2.0 |
| sgi | propack | 2.4 |
| stonesoft | stonegate | 1.5.17 |
| hp | hp-ux | 11.11 |
| cisco | pix_firewall_software | 6.0(1) |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.3 |
| openssl | openssl | 0.9.6g |
| cisco | webns | 6.10 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| redhat | linux | 7.2 |
| redhat | openssl | 0.9.6b-3 |
| bluecoat | proxysg | * |
| redhat | linux | 7.3 |
| dell | bsafe_ssl-j | 3.1 |
| openssl | openssl | 0.9.6f |
| dell | bsafe_ssl-j | 3.0 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | webns | 7.2_0.0.03 |
| 4d | webstar | 4.0 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | access_registrar | * |
| freebsd | freebsd | 4.9 |
| novell | edirectory | 8.0 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | pix_firewall_software | 6.3 |
| cisco | pix_firewall_software | 6.3(3.109) |
| avaya | intuity_audix | * |
| hp | hp-ux | 11.00 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg208 | * |
| cisco | webns | 7.10 |
| stonesoft | stonegate | 2.2 |
| openssl | openssl | 0.9.6h |
| avaya | vsu | 10000_r2.0.1 |
| openssl | openssl | 0.9.6k |
| openssl | openssl | 0.9.6d |
| securecomputing | sidewinder | 5.2.0.03 |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| novell | edirectory | 8.7.1 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| cisco | webns | 7.1_0.2.06 |
| stonesoft | stonegate | 2.0.5 |
| freebsd | freebsd | 5.2.1 |
| novell | edirectory | 8.5 |
| cisco | ios | 12.1(11b)e14 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| redhat | openssl | 0.9.7a-2 |
| checkpoint | firewall-1 | next_generation_fp1 |
| stonesoft | stonegate | 2.2.4 |
| cisco | pix_firewall_software | 6.0 |
| stonesoft | stonegate | 2.0.9 |
| openbsd | openbsd | 3.4 |
| cisco | pix_firewall_software | 6.2 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 2.5.1 |
| cisco | pix_firewall_software | 6.2(3) |
| vmware | gsx_server | 2.0 |
| sco | openserver | 5.0.6 |
| cisco | gss_4490_global_site_selector | * |
| cisco | threat_response | * |
| cisco | css_secure_content_accelerator | 1.0 |
| checkpoint | firewall-1 | next_generation_fp2 |
| stonesoft | stonegate | 2.0.8 |
| hp | wbem | a.02.00.01 |
| checkpoint | vpn-1 | next_generation |
| apple | mac_os_x | 10.3.3 |
| cisco | ios | 12.1(11)e |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| 4d | webstar | 5.3 |
| stonesoft | stonegate | 2.0.6 |
| stonesoft | stonegate_vpn_client | 1.7 |
| avaya | sg5 | 4.4 |
| stonesoft | stonegate | 1.7 |
| avaya | s8700 | r2.0.0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | wbem | a.01.05.08 |
| avaya | vsu | 5x |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| stonesoft | servercluster | 2.5 |
| avaya | s8500 | r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| cisco | pix_firewall_software | 6.0(2) |
| stonesoft | stonegate | 2.0.7 |
| cisco | mds_9000 | * |
| cisco | css11000_content_services_switch | * |
| openssl | openssl | 0.9.7 |
| checkpoint | firewall-1 | 2.0 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | firewall_services_module | 2.1_(0.208) |
| 4d | webstar | 5.2.2 |
| avaya | sg203 | 4.31.29 |
| cisco | call_manager | * |
| securecomputing | sidewinder | 5.2.0.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| novell | edirectory | 8.6.2 |
| avaya | intuity_audix | 5.1.46 |
| stonesoft | stonegate | 1.7.2 |
| openssl | openssl | 0.9.6i |
| freebsd | freebsd | 4.8 |
| openssl | openssl | 0.9.6j |
| neoteris | instant_virtual_extranet | 3.3 |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 1.6.3 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| hp | hp-ux | 11.23 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| avaya | sg203 | 4.4 |
| cisco | webns | 7.10_.0.06s |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| avaya | s8700 | r2.0.1 |
| stonesoft | stonebeat_webcluster | 2.5 |
| 4d | webstar | 5.2 |
| neoteris | instant_virtual_extranet | 3.2 |
| hp | aaa_server | * |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.2sy |
| stonesoft | stonegate | 1.5.18 |
| openssl | openssl | 0.9.6c |
| vmware | gsx_server | 3.0_build_7592 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| avaya | sg5 | 4.2 |
| avaya | vsu | 2000_r2.0.1 |
| cisco | webns | 6.10_b4 |
| redhat | openssl | 0.9.6-15 |
| novell | edirectory | 8.5.12a |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| checkpoint | vpn-1 | next_generation_fp1 |
| stonesoft | stonegate | 2.1 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall | 6.2.2_.111 |
| redhat | linux | 8.0 |
| cisco | ios | 12.2(14)sy |
| openssl | openssl | 0.9.6e |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| cisco | gss_4480_global_site_selector | * |
| hp | hp-ux | 8.05 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| openssl | openssl | 0.9.7c |
| cisco | application_and_content_networking_software | * |
| avaya | sg200 | 4.31.29 |
| securecomputing | sidewinder | 5.2 |
| cisco | firewall_services_module | 1.1.3 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| sco | openserver | 5.0.7 |
| checkpoint | provider-1 | 4.1 |
| freebsd | freebsd | 5.1 |
| cisco | pix_firewall_software | 6.1 |
| stonesoft | stonegate | 1.7.1 |
| neoteris | instant_virtual_extranet | 3.0 |
| stonesoft | stonegate | 1.6.2 |
| cisco | pix_firewall_software | 6.3(1) |
| 4d | webstar | 5.2.1 |
| tarantella | tarantella_enterprise | 3.20 |
| cisco | ios | 12.1(19)e1 |
| avaya | vsu | 5000_r2.0.1 |
| vmware | gsx_server | 2.0.1_build_2129 |
| checkpoint | vpn-1 | next_generation_fp0 |
| novell | edirectory | 8.7 |
| stonesoft | stonegate | 2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | pix_firewall_software | 6.1(4) |
| vmware | gsx_server | 2.5.1_build_5336 |
| openssl | openssl | 0.9.7b |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | ios | 12.2za |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | firewall_services_module | 1.1_(3.005) |
| novell | imanager | 1.5 |
| cisco | ios | 12.1(11b)e |
| avaya | sg5 | 4.3 |
| neoteris | instant_virtual_extranet | 3.1 |
| openbsd | openbsd | 3.3 |
| avaya | vsu | 500 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| avaya | s8300 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| cisco | pix_firewall_software | 6.1(1) |
| tarantella | tarantella_enterprise | 3.40 |
| avaya | sg208 | 4.4 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| checkpoint | firewall-1 | * |
| cisco | ciscoworks_common_services | 2.2 |
| novell | edirectory | 8.5.27 |
| stonesoft | servercluster | 2.5.2 |
| cisco | webns | 7.1_0.1.02 |
| sgi | propack | 2.3 |
| avaya | vsu | 100_r2.0.1 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| stonesoft | stonegate | 2.2.1 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | firewall_services_module | * |
| cisco | css_secure_content_accelerator | 2.0 |
| cisco | pix_firewall_software | 6.3(2) |
| hp | apache-based_web_server | 2.0.43.04 |
| hp | apache-based_web_server | 2.0.43.00 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | pix_firewall_software | 6.0(4.101) |
| freebsd | freebsd | 5.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall_software | 6.1(3) |
| hp | wbem | a.02.00.00 |
| avaya | intuity_audix | s3400 |
| dell | bsafe_ssl-j | 3.0.1 |
| stonesoft | stonegate | 2.0.4 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | intuity_audix | s3210 |
| avaya | vsu | 5 |
| avaya | converged_communications_server | 2.0 |
| redhat | enterprise_linux | 3.0 |
| avaya | vsu | 7500_r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| cisco | content_services_switch_11500 | * |
| sun | crypto_accelerator_4000 | 1.0 |
| cisco | secure_content_accelerator | 10000 |
| cisco | ios | 12.1(11b)e12 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| openssl | openssl | 0.9.7a |
| avaya | s8500 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| cisco | pix_firewall_software | 6.2(3.100) |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | next_generation_fp0 |
| novell | imanager | 2.0 |
| sgi | propack | 2.4 |
| stonesoft | stonegate | 1.5.17 |
| hp | hp-ux | 11.11 |
| cisco | pix_firewall_software | 6.0(1) |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.3 |
| openssl | openssl | 0.9.6g |
| cisco | webns | 6.10 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| redhat | linux | 7.2 |
| redhat | openssl | 0.9.6b-3 |
| bluecoat | proxysg | * |
| redhat | linux | 7.3 |
| dell | bsafe_ssl-j | 3.1 |
| openssl | openssl | 0.9.6f |
| dell | bsafe_ssl-j | 3.0 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | webns | 7.2_0.0.03 |
| 4d | webstar | 4.0 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | access_registrar | * |
| freebsd | freebsd | 4.9 |
| novell | edirectory | 8.0 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | pix_firewall_software | 6.3 |
| cisco | pix_firewall_software | 6.3(3.109) |
| avaya | intuity_audix | * |
| hp | hp-ux | 11.00 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg208 | * |
| cisco | webns | 7.10 |
| stonesoft | stonegate | 2.2 |
| openssl | openssl | 0.9.6h |
| avaya | vsu | 10000_r2.0.1 |
| openssl | openssl | 0.9.6k |
| openssl | openssl | 0.9.6d |
| securecomputing | sidewinder | 5.2.0.03 |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| novell | edirectory | 8.7.1 |
| cisco | webns | 7.1_0.2.06 |
| freebsd | freebsd | 5.2.1 |
| novell | edirectory | 8.5 |
| cisco | ios | 12.1(11b)e14 |
| forcepoint | stonegate | 2.0.4 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| redhat | openssl | 0.9.7a-2 |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | pix_firewall_software | 6.0 |
| forcepoint | stonegate | 1.7.2 |
| openbsd | openbsd | 3.4 |
| cisco | pix_firewall_software | 6.2 |
| checkpoint | vpn-1 | next_generation_fp2 |
| cisco | ios | 12.2(14)sy1 |
| vmware | gsx_server | 2.5.1 |
| cisco | pix_firewall_software | 6.2(3) |
| vmware | gsx_server | 2.0 |
| sco | openserver | 5.0.6 |
| cisco | gss_4490_global_site_selector | * |
| cisco | threat_response | * |
| cisco | css_secure_content_accelerator | 1.0 |
| checkpoint | firewall-1 | next_generation_fp2 |
| hp | wbem | a.02.00.01 |
| forcepoint | stonegate | 1.7 |
| apple | mac_os_x | 10.3.3 |
| cisco | ios | 12.1(11)e |
| sgi | propack | 3.0 |
| cisco | okena_stormwatch | 3.2 |
| forcepoint | stonegate | 2.0.8 |
| 4d | webstar | 5.3 |
| avaya | sg5 | 4.4 |
| avaya | s8700 | r2.0.0 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | wbem | a.01.05.08 |
| avaya | vsu | 5x |
| stonesoft | servercluster | 2.5 |
| avaya | s8500 | r2.0.1 |
| cisco | pix_firewall_software | 6.0(2) |
| cisco | mds_9000 | * |
| cisco | css11000_content_services_switch | * |
| openssl | openssl | 0.9.7 |
| checkpoint | firewall-1 | 2.0 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| stonesoft | stonebeat_webcluster | 2.0 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | firewall_services_module | 2.1_(0.208) |
| 4d | webstar | 5.2.2 |
| avaya | sg203 | 4.31.29 |
| cisco | call_manager | * |
| securecomputing | sidewinder | 5.2.0.01 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| novell | edirectory | 8.6.2 |
| avaya | intuity_audix | 5.1.46 |
| openssl | openssl | 0.9.6i |
| freebsd | freebsd | 4.8 |
| openssl | openssl | 0.9.6j |
| neoteris | instant_virtual_extranet | 3.3 |
| avaya | s8300 | r2.0.1 |
| hp | hp-ux | 11.23 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| avaya | sg203 | 4.4 |
| cisco | webns | 7.10_.0.06s |
| avaya | s8700 | r2.0.1 |
| stonesoft | stonebeat_webcluster | 2.5 |
| 4d | webstar | 5.2 |
| neoteris | instant_virtual_extranet | 3.2 |
| hp | aaa_server | * |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.2sy |
| openssl | openssl | 0.9.6c |
| vmware | gsx_server | 3.0_build_7592 |
| forcepoint | stonegate | 2.2.4 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| avaya | sg5 | 4.2 |
| avaya | vsu | 2000_r2.0.1 |
| cisco | webns | 6.10_b4 |
| redhat | openssl | 0.9.6-15 |
| novell | edirectory | 8.5.12a |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| checkpoint | vpn-1 | next_generation_fp1 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall | 6.2.2_.111 |
| litespeedtech | litespeed_web_server | 1.0.1 |
| redhat | linux | 8.0 |
| forcepoint | stonegate | 1.6.3 |
| cisco | ios | 12.2(14)sy |
| openssl | openssl | 0.9.6e |
| cisco | gss_4480_global_site_selector | * |
| hp | hp-ux | 8.05 |
| openssl | openssl | 0.9.7c |
| cisco | application_and_content_networking_software | * |
| avaya | sg200 | 4.31.29 |
| securecomputing | sidewinder | 5.2 |
| cisco | firewall_services_module | 1.1.3 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| sco | openserver | 5.0.7 |
| checkpoint | provider-1 | 4.1 |
| freebsd | freebsd | 5.1 |
| cisco | pix_firewall_software | 6.1 |
| neoteris | instant_virtual_extranet | 3.0 |
| cisco | pix_firewall_software | 6.3(1) |
| 4d | webstar | 5.2.1 |
| tarantella | tarantella_enterprise | 3.20 |
| forcepoint | stonegate | 2.2 |
| cisco | ios | 12.1(19)e1 |
| avaya | vsu | 5000_r2.0.1 |
| vmware | gsx_server | 2.0.1_build_2129 |
| checkpoint | vpn-1 | next_generation_fp0 |
| novell | edirectory | 8.7 |
| forcepoint | stonegate | 2.0.6 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | pix_firewall_software | 6.1(4) |
| vmware | gsx_server | 2.5.1_build_5336 |
| openssl | openssl | 0.9.7b |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | ios | 12.2za |
| tarantella | tarantella_enterprise | 3.30 |
| cisco | firewall_services_module | 1.1_(3.005) |
| novell | imanager | 1.5 |
| cisco | ios | 12.1(11b)e |
| forcepoint | stonegate | 2.2.1 |
| avaya | sg5 | 4.3 |
| neoteris | instant_virtual_extranet | 3.1 |
| openbsd | openbsd | 3.3 |
| avaya | vsu | 500 |
| avaya | s8300 | r2.0.0 |
| cisco | pix_firewall_software | 6.1(1) |
| tarantella | tarantella_enterprise | 3.40 |
| avaya | sg208 | 4.4 |
| forcepoint | stonegate | 1.7.1 |
| checkpoint | firewall-1 | * |
| cisco | ciscoworks_common_services | 2.2 |
| novell | edirectory | 8.5.27 |
| stonesoft | servercluster | 2.5.2 |
| cisco | webns | 7.1_0.1.02 |
| sgi | propack | 2.3 |
| avaya | vsu | 100_r2.0.1 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| cisco | firewall_services_module | * |
| cisco | css_secure_content_accelerator | 2.0 |
| cisco | pix_firewall_software | 6.3(2) |
| hp | apache-based_web_server | 2.0.43.04 |
| hp | apache-based_web_server | 2.0.43.00 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | pix_firewall_software | 6.0(4.101) |
| freebsd | freebsd | 5.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall_software | 6.1(3) |
| hp | wbem | a.02.00.00 |
| avaya | intuity_audix | s3400 |
| dell | bsafe_ssl-j | 3.0.1 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | intuity_audix | s3210 |
| forcepoint | stonegate | 2.1 |
| avaya | vsu | 5 |
| avaya | converged_communications_server | 2.0 |
| redhat | enterprise_linux | 3.0 |
| avaya | vsu | 7500_r2.0.1 |
| cisco | content_services_switch_11500 | * |
| sun | crypto_accelerator_4000 | 1.0 |
| cisco | secure_content_accelerator | 10000 |
| cisco | ios | 12.1(11b)e12 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| openssl | openssl | 0.9.7a |
| avaya | s8500 | r2.0.0 |
| forcepoint | stonegate | 1.6.2 |
| cisco | pix_firewall_software | 6.2(3.100) |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | next_generation_fp0 |
| novell | imanager | 2.0 |
| sgi | propack | 2.4 |
| forcepoint | stonegate | 1.5.17 |
| hp | hp-ux | 11.11 |
| cisco | pix_firewall_software | 6.0(1) |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.3 |
| openssl | openssl | 0.9.6g |
| cisco | webns | 6.10 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| redhat | linux | 7.2 |
| redhat | openssl | 0.9.6b-3 |
| bluecoat | proxysg | * |
| redhat | linux | 7.3 |
| dell | bsafe_ssl-j | 3.1 |
| openssl | openssl | 0.9.6f |
| dell | bsafe_ssl-j | 3.0 |
| cisco | webns | 7.2_0.0.03 |
| 4d | webstar | 4.0 |
| apple | mac_os_x_server | 10.3.3 |
| cisco | access_registrar | * |
| freebsd | freebsd | 4.9 |
| novell | edirectory | 8.0 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | pix_firewall_software | 6.1(5) |
| forcepoint | stonegate | 2.0.7 |
| cisco | pix_firewall_software | 6.3 |
| forcepoint | stonegate | 1.5.18 |
| cisco | pix_firewall_software | 6.3(3.109) |
| avaya | intuity_audix | * |
| hp | hp-ux | 11.00 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg208 | * |
| cisco | webns | 7.10 |
| openssl | openssl | 0.9.6h |
| avaya | vsu | 10000_r2.0.1 |
| forcepoint | stonegate | 2.0.9 |
| openssl | openssl | 0.9.6k |
| forcepoint | stonegate | 2.0.1 |
| openssl | openssl | 0.9.6d |
| forcepoint | stonegate | 2.0.5 |
| securecomputing | sidewinder | 5.2.0.03 |
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.1 |
| 4d | webstar | 5.2.3 |
| 4d | webstar | 5.2 |
| 4d | webstar | 5.3 |
| 4d | webstar | 5.3.2 |
| 4d | webstar | 5.2.2 |
| 4d | webstar | 4.0 |
The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.1 |
| 4d | webstar | 5.2.3 |
| 4d | webstar | 5.2 |
| 4d | webstar | 5.3 |
| 4d | webstar | 5.3.2 |
| 4d | webstar | 5.2.2 |
| 4d | webstar | 4.0 |
Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.1 |
| 4d | webstar | 5.2.3 |
| 4d | webstar | 5.2 |
| 4d | webstar | 5.3 |
| 4d | webstar | 5.3.2 |
| 4d | webstar | 5.2.2 |
| 4d | webstar | 4.0 |
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.1 |
| 4d | webstar | 5.2.3 |
| 4d | webstar | 5.2 |
| 4d | webstar | 5.3 |
| 4d | webstar | 5.3.2 |
| 4d | webstar | 5.2.2 |
| 4d | webstar | 4.0 |
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.4 |
| 4d | webstar | 5.3.3 |
Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.2.1 |
| 4d | webstar | 5.3.3 |
| 4d | webstar | 5.2 |
| 4d | webstar | 5.1.3 |
| 4d | webstar | 5.3 |
| 4d | webstar | 5.1.2 |
| 4d | webstar | 5.3.2 |
| 4d | webstar | 5.3.1 |
| 4d | webstar | 5.2.3 |
| 4d | webstar | 5.2.2 |
| 4d | webstar | 5.3.4 |
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | server | 18 |
| 4d | server | 17 |
| 4d | server | 19 |
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | server | 18 |
| 4d | server | 17 |
| 4d | server | 19 |
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| cve-coordination@incibe.es | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 4d | 4d | 19 |
| 4d | server | 19 |