[PROPOSAL] Cluster 48 - WEB (35 candidates)
The following cluster contains 35 candidates which are related to WWW
servers or browsers.

- Steve

Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31

Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0677
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990802 [LoWNOISE] Password hunting with webramp
Reference: BID:577

The WebRamp web administration utility has a default password.

VOTE:

=================================
Candidate: CAN-1999-0685
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow
Reference: BID:618

Buffer overflow in Netscape Communicator via EMBED tags.
VOTE:

=================================
Candidate: CAN-1999-0695
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: [Sybase] software vendors do not think about old bugs
Reference: XF:http-powerdynamo-dotdotslash
Reference: BID:620

The Sybase PowerDynamo personal web server allows attackers to read
arbitrary files through a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0699
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:623

The Bluestone Sapphire web server allows session hijacking via easily
guessable session IDs.

VOTE:

=================================
Candidate: CAN-1999-0744
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers
Reference: BID:603

Buffer overflow in Netscape Enterprise Server and FastTrack Server via
a long HTTP GET request.

VOTE:

=================================
Candidate: CAN-1999-0751
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Reference: BID:631

Buffer overflow in Accept command in Netscape Enterprise Server 3.6
with the SSL Handshake Patch.

VOTE:

=================================
Candidate: CAN-1999-0752
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug

Buffer overflow in Netscape Enterprise Server via SSL handshake.
VOTE:

=================================
Candidate: CAN-1999-0753
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: BID:591

The w3-msql CGI script provided with Mini SQL allows remote attackers
to view restricted directories.

VOTE:

=================================
Candidate: CAN-1999-0762
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:netscape-title
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability

When Javascript is embedded within the TITLE tag, Netscape
Communicator allows a remote attacker to use the "about" protocol to
gain access to browser information.

VOTE:

=================================
Candidate: CAN-1999-0776
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19990506 ".."-hole in Alibaba 2.0
Reference: XF:http-alibaba-dotdot

Alibaba HTTP server allows remote attackers to read files via a
.. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0790
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF

A remote attacker can read information from a Netscape user's cache
via JavaScript.

VOTE:

=================================
Candidate: CAN-1999-0807
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:netscape-dirsvc-password

The Netscape Directory Server installation procedure leaves sensitive
information in a file that is accessible to local users.
VOTE:

=================================
Candidate: CAN-1999-0809
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings

Netscape Communicator 4.x with Javascript enabled does not warn a user
of cookie settings, even if they have selected the option to "Only
accept cookies originating from the same server as the page being
viewed"

VOTE:

=================================
Candidate: CAN-1999-0876
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: MSKB:Q185959
Reference: MSKB:Q176697

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

VOTE:

=================================
Candidate: CAN-1999-0881
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server

Falcon web server allows remote attackers to read arbitrary files via
a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0882
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server

Falcon web server allows remote attackers to determine the absolute
path of the web root via long file names.

VOTE:

=================================
Candidate: CAN-1999-0883
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742

Zeus web server allows remote attackers to read arbitrary files by
specifying the file name in an option to the search engine.
VOTE:

=================================
Candidate: CAN-1999-0884
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742

The Zeus web server administrative interface uses weak encryption for
its passwords.

VOTE:

=================================
Candidate: CAN-1999-0885
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 More Alibaba Web Server problems...
Reference: BID:770

Alibaba web server allows remote attackers to execute commands via a
pipe character in a malformed URL.

VOTE:

=================================
Candidate: CAN-1999-0887
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
Reference: EEYE:AD05261999

FTGate web interface server allows remote attackers to read files via
a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0892
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font
whose length field is less than the size of the font.

VOTE:

=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990908 bug in iChat 3.0 (maybe others)

iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
VOTE:

=================================
Candidate: CAN-1999-0913
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990804 NSW Dragon Fire gets drowned
Reference: BID:564

dfire.cgi script in Dragon-Fire IDS allows remote users to execute
commands via shell metacharacters.

VOTE:

=================================
Candidate: CAN-1999-0915
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
Reference: BID:746

URL Live! web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0929
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990616 Novell NetWare webservers DoS

Novell NetWare with Novell-HTTP-Server or YAWN web servers allows
remote attackers to conduct a denial of service via a large number of
HTTP GET requests.

VOTE:

=================================
Candidate: CAN-1999-0933
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
Reference: BID:689

TeamTrack web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0934
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19991215 Classifieds (classifieds.cgi)

classifieds.cgi allows remote attackers to read arbitrary files via
shell metacharacters.
VOTE:

=================================
Candidate: CAN-1999-0935
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19991215 Classifieds (classifieds.cgi)

classifieds.cgi allows remote attackers to execute arbitrary commands
by specifying them in a hidden variable in a CGI form.

VOTE:

=================================
Candidate: CAN-1999-0936
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19981203 BNBSurvey (survey.cgi)

BNBSurvey survey.cgi program allows remote attackers to execute
commands via shell metacharacters.

VOTE:

=================================
Candidate: CAN-1999-0937
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19981203 BNBForm (bnbform.cgi)

BNBForm allows remote attackers to read arbitrary files via the
automessage hidden form variable.

VOTE:

=================================
Candidate: CAN-1999-0943
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory

Buffer overflow in OpenLink 3.2 allows remote attackers to gain
privileges via a long GET request to the web configurator.

VOTE:

=================================
Candidate: CAN-1999-0947
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: BID:762

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat,
and envout.bat, which allow remote attackers to execute commands via
shell metacharacters.
VOTE:

=================================
Candidate: CAN-1999-0951
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
Reference: BID:739

Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote
attackers to execute commands.

VOTE:

=================================
Candidate: CAN-1999-0953
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: BUGTRAQ:19990916 More fun with WWWBoard

WWWBoard stores encrypted passwords in a password file that is under
the web root and thus accessible by remote attackers.

VOTE:

=================================
Candidate: CAN-1999-0967
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite

Buffer overflow in the HTML library used by Internet Explorer, Outlook
Express, and Windows Explorer via the res: local resource protocol.

VOTE: