U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB13-210)

Vulnerability Summary for the Week of July 22, 2013

Original release date: July 29, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- http_servermod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.2013-07-237.5CVE-2013-2249
apache -- strutsApache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.2013-07-199.3CVE-2013-2251
asus -- dsl-n55uMultiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.2013-07-2610.0CVE-2013-4937
cisco -- video_surveillance_softwareMultiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.2013-07-257.8CVE-2013-3429
cisco -- video_surveillance_softwareCisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.2013-07-259.0CVE-2013-3430
cisco -- video_surveillance_softwareCisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.2013-07-257.8CVE-2013-3431
emc -- avamar_serverEMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.2013-07-199.0CVE-2013-3274
hp -- database_and_middleware_automationHP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors.2013-07-227.9CVE-2013-2365
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.2013-07-239.3CVE-2013-3006
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.2013-07-239.3CVE-2013-3007
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.2013-07-239.3CVE-2013-3008
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3011 and CVE-2013-3012.2013-07-239.3CVE-2013-3009
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3007.2013-07-239.3CVE-2013-3010
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.2013-07-239.3CVE-2013-3011
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.2013-07-239.3CVE-2013-3012
ibm -- javaUnspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.2013-07-237.1CVE-2013-4002
igor_sysoev -- nginxThe ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.2013-07-197.5CVE-2013-2028
news_search_project -- news_searchSQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2013-07-197.5CVE-2013-4870
redhat -- jboss_enterprise_application_platformResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.2013-07-237.5CVE-2013-2165
samsung -- ps50c7700_televisionThe DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.2013-07-237.8CVE-2013-4890
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- activemqCross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."2013-07-194.3CVE-2013-1879
apache -- strutsMultiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.2013-07-195.8CVE-2013-2248
bestpractical -- request_trackerBest Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.2013-07-244.3CVE-2012-6578
bestpractical -- request_trackerBest Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.2013-07-246.4CVE-2012-6579
bestpractical -- request_trackerBest Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.2013-07-244.3CVE-2012-6580
bestpractical -- request_trackerBest Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.2013-07-244.3CVE-2012-6581
cisco -- adaptive_security_appliance_softwareCross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.2013-07-254.3CVE-2013-3414
cisco -- unified_ip_conference_station_7937gThe Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.2013-07-235.0CVE-2013-3435
cisco -- iosThe default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.2013-07-195.0CVE-2013-3436
cisco -- unified_operations_managerSQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.2013-07-236.5CVE-2013-3437
cisco -- unified_meetingplace_web_conferencingThe web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.2013-07-245.0CVE-2013-3438
cisco -- unified_operations_managerCross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.2013-07-234.3CVE-2013-3439
cisco -- unified_operations_managerMultiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.2013-07-234.3CVE-2013-3440
cisco -- aironet_3600Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.2013-07-235.4CVE-2013-3441
cybozu -- cybozu_officeCybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.2013-07-195.8CVE-2013-3656
emc -- avamar_serverEMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."2013-07-194.3CVE-2013-3275
hp -- system_management_homepageHP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.2013-07-225.0CVE-2012-5217
hp -- system_management_homepageHP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.2013-07-225.0CVE-2013-2355
hp -- system_management_homepageHP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.2013-07-225.0CVE-2013-2356
hp -- system_management_homepageUnspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.2013-07-224.0CVE-2013-2357
hp -- system_management_homepageUnspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.2013-07-224.0CVE-2013-2358
hp -- system_management_homepageUnspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.2013-07-224.0CVE-2013-2359
hp -- system_management_homepageUnspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.2013-07-224.0CVE-2013-2360
hp -- system_management_homepageCross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-07-224.3CVE-2013-2361
hp -- system_management_homepageHP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.2013-07-225.0CVE-2013-2363
ibm -- api_managementUnspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors.2013-07-196.4CVE-2013-0559
ibm -- social_media_analyticsCross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-07-254.3CVE-2013-3999
igor_sysoev -- nginxhttp/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.2013-07-195.8CVE-2013-2070
markus_blaschke -- tq_seoCross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2013-07-196.8CVE-2013-4871
mcafee -- epolicy_orchestratorMultiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.2013-07-226.5CVE-2013-4882
mcafee -- epolicy_orchestratorMultiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.2013-07-224.3CVE-2013-4883
microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.2013-07-266.9CVE-2013-4015
nashtech -- easy_php_calendarMultiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2013-07-194.3CVE-2013-1955
swfupload_project -- swfuploadCross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.2013-07-194.3CVE-2012-3414
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
hp -- system_management_homepageUnspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.2013-07-222.1CVE-2013-2362
hp -- system_management_homepageCross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2013-07-223.5CVE-2013-2364
ibm -- star_command_centerMultiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2013-07-253.5CVE-2013-3979
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top