
[PROPOSAL] Cluster RECENT-65 - 40 candidates



I have recently proposed cluster RECENT-65 for review and voting by the Editorial Board.

Name: RECENT-65
Description: Candidates announced between 5/2/2001 and 5/31/2001
Size: 40

You may vote on the candidates by modifying this e-mail and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and can be trusted to be real problems.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0559
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Vixie cron vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183029
Reference: DEBIAN:DSA-054
Reference: URL:http://www.debian.org/security/2001/dsa-054
Reference: MANDRAKE:MDKSA-2001:050
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
Reference: SUSE:SuSE-SA:2001:17
Reference: URL:http://www.suse.de/de/support/security/2001_017_cron_txt.txt
Reference: BID:2687
Reference: URL:http://www.securityfocus.com/bid/2687
Reference: XF:vixie-cron-gain-privileges
Reference: URL:http://xforce.iss.net/static/6508.php

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

ANALYSIS
----------------
ED_PRI CAN-2001-0559 1
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0567
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
Reference: DEBIAN:DSA-055
Reference: URL:http://www.debian.org/security/2001/dsa-055
Reference: MANDRAKE:MDKSA-2001:049
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
Reference: REDHAT:RHSA-2001:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges by changing ZClass permission mappings for objects and methods of a ZClass.

ANALYSIS
----------------
ED_PRI CAN-2001-0567 1
Vendor Acknowledgement: yes

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0621
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
Reference: XF:cisco-css-ftp-commands(6557)
Reference: URL:http://xforce.iss.net/static/6557.php

The FTP server in Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23 and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.

ANALYSIS
----------------
ED_PRI CAN-2001-0621 1
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0622
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml

The web management service on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17 allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.

ANALYSIS
----------------
ED_PRI CAN-2001-0622 1
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0628
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: MSKB:Q274228
Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
Reference: BID:2760
Reference: URL:http://www.securityfocus.com/bid/2760
Reference: XF:word-asd-macro-execution(6614)
Reference: URL:http://xforce.iss.net/static/6614.php

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros. This can allow a local attacker to execute arbitrary macros with the user ID of the Word user.

ANALYSIS
----------------
ED_PRI CAN-2001-0628 1
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0629
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0629
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBUX0107-158
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0006.html
Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
Reference: BID:2761
Reference: URL:http://www.securityfocus.com/bid/2761
Reference: XF:openview-nnm-ecsd-bo(6582)
Reference: URL:http://xforce.iss.net/static/6582.php

HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the "-restore_config" command line parameter.

ANALYSIS
----------------
ED_PRI CAN-2001-0629 1
Vendor Acknowledgement: yes

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0635
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: REDHAT:RHSA-2001:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html

Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.

ANALYSIS
----------------
ED_PRI CAN-2001-0635 1
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0281.html
Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
Reference: MANDRAKE:MDKSA-2001:053
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3

Gnu Privacy Guard (GnuPG, aka gpg) 1.05 and earlier can allow an attacker to gain additional privileges via a format string attack on a malicious encrypted file. The format string is used on the original name of the encrypted file.

ANALYSIS
----------------
ED_PRI CAN-2001-0522 2
Vendor Acknowledgement: yes changelog

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Reference: XF:eeye-secureiis-bypass-detection
Reference: URL:http://xforce.iss.net/static/6563.php
Reference: XF:eeye-secureiis-directory-traversal
Reference: URL:http://xforce.iss.net/static/6564.php

eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected by SecureIIS.

ANALYSIS
----------------
ED_PRI CAN-2001-0523 2
Vendor Acknowledgement: yes followup

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Reference: XF:eeye-secureiis-http-header-bo(6574)
Reference: URL:http://xforce.iss.net/static/6574.php

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

ANALYSIS
----------------
ED_PRI CAN-2001-0524 2
Vendor Acknowledgement: yes followup

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010519 DQS 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
Reference: BUGTRAQ:20010519 Re: DQS 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
Reference: XF:dqs-dsh-bo
Reference: URL:http://xforce.iss.net/static/6577.php

The dsh program in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local attackers to gain privileges via a buffer overflow in the first command line argument.

ANALYSIS
----------------
ED_PRI CAN-2001-0525 2
Vendor Acknowledgement: yes followup

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
Reference: XF:dcforum-cgi-admin-access(6538)
Reference: URL:http://xforce.iss.net/static/6538.php

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

ANALYSIS
----------------
ED_PRI CAN-2001-0527 2
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
Reference: BID:2694
Reference: URL:http://www.securityfocus.com/bid/2694
Reference: XF:oracle-adi-plaintext-passwords(6501)
Reference: URL:http://xforce.iss.net/static/6501.php

Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.

ANALYSIS
----------------
ED_PRI CAN-2001-0528 2
Vendor Acknowledgement: yes advisory

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
Reference: BID:2798
Reference: URL:http://www.securityfocus.com/bid/2798
Reference: XF:netgap-unicode-bypass-filter
Reference: URL:http://xforce.iss.net/static/6625.php

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include "%" characters.

ANALYSIS
----------------
ED_PRI CAN-2001-0530 2
Vendor Acknowledgement: yes followup

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
Reference: XF:mp3mystic-dot-directory-traversal(6504)
Reference: URL:http://xforce.iss.net/static/6504.php
Reference: BID:2699
Reference: URL:http://www.securityfocus.com/bid/2699

Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a ".." (dot dot) in the URL.

ANALYSIS
----------------
ED_PRI CAN-2001-0574 2
Vendor Acknowledgement: yes

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0611
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
Reference: BID:2723
Reference: URL:http://www.securityfocus.com/bid/2723
Reference: XF:becky-mail-message-bo(6531)
Reference: URL:http://xforce.iss.net/static/6531.php

Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.

ANALYSIS
----------------
ED_PRI CAN-2001-0611 2
Vendor Acknowledgement: yes changelog

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0615
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2776
Reference: URL:http://www.securityfocus.com/bid/2776
Reference: XF:freestyle-chat-directory-traversal(6601)
Reference: URL:http://xforce.iss.net/static/6601.php

Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a ".." (dot dot) attack such as "..." or "....".

ANALYSIS
----------------
ED_PRI CAN-2001-0615 2
Vendor Acknowledgement: yes

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0616
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2777
Reference: URL:http://www.securityfocus.com/bid/2777
Reference: XF:freestyle-chat-device-dos(6602)
Reference: URL:http://xforce.iss.net/static/6602.php

Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).

ANALYSIS
----------------
ED_PRI CAN-2001-0616 2
Vendor Acknowledgement: yes

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0519
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Filter Bypass - Updated Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0282.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.

ANALYSIS
----------------
ED_PRI CAN-2001-0519 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CD:SF-LOC suggests creating separate candidates for problems that appear in different versions, which keeps CAN-2001-0519 separate from CAN-2001-0520 and CAN-2001-0521 (which are themselves separated by a different application of CD:SF-LOC).

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
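  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through HTML tags
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.

ANALYSIS
----------------
ED_PRI CAN-2001-0520 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CD:SF-LOC suggests creating separate candidates for problems that appear in different versions, which keeps CAN-2001-0519 separate from CAN-2001-0520 and CAN-2001-0521. CD:SF-LOC also suggests separating problems of different types in the same version. CAN-2001-0520 is information hiding by manipulating tag values, while CAN-2001-0521 involves obfuscation by encoding, which "seems" like a different vulnerability type.

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.

ANALYSIS
----------------
ED_PRI CAN-2001-0521 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CD:SF-LOC suggests creating separate candidates for problems that appear in different versions, which keeps CAN-2001-0519 separate from CAN-2001-0520 and CAN-2001-0521. CD:SF-LOC also suggests separating problems of different types in the same version. CAN-2001-0520 is information hiding by manipulating tag values, while CAN-2001-0521 involves obfuscation by encoding, which "seems" like a different vulnerability type.

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,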
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
Reference: XF:solaris-mailtool-openwinhome-bo(6626)
Reference: URL:http://xforce.iss.net/static/6626.php

Buffer overflow in mailtool in Solaris 8 and earlier can allow a local attacker to gain privileges via the OPENWINHOME environment variable.

ANALYSIS
----------------
ED_PRI CAN-2001-0526 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0557
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-directory-traversal(6513)
Reference: URL:http://xforce.iss.net/static/6513.php
Reference: BID:2703
Reference: URL:http://www.securityfocus.com/bid/2703

T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a ".." (dot dot) attack which is URL encoded (%2e%2e).

ANALYSIS
----------------
ED_PRI CAN-2001-0557 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-device-dos(6521)
Reference: URL:http://xforce.iss.net/static/6521.php
Reference: BID:2704
Reference: URL:http://www.securityfocus.com/bid/2704

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g. GET /aux HTTP/1.0).

ANALYSIS
----------------
ED_PRI CAN-2001-0558 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0561
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for A1Stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
Reference: BID:2705
Reference: URL:http://www.securityfocus.com/bid/2705
Reference: XF:a1stats-dot-directory-traversal(6503)
Reference: URL:http://xforce.iss.net/static/6503.php

Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a ".." (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.

ANALYSIS
----------------
ED_PRI CAN-2001-0561 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0562
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0562
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for A1Stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
Reference: BID:2705
Reference: URL:http://www.securityfocus.com/bid/2705
Reference: XF:a1stats-a1admin-dos(6505)
Reference: URL:http://xforce.iss.net/static/6505.php

The a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.

ANALYSIS
----------------
ED_PRI CAN-2001-0562 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0563
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
Reference: XF:electrocomm-telnet-dos(6514)
Reference: URL:http://xforce.iss.net/static/6514.php
Reference: BID:2706
Reference: URL:http://www.securityfocus.com/bid/2706

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.

ANALYSIS
----------------
ED_PRI CAN-2001-0563 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0565
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
Reference: XF:mailx-bo(6181)
Reference: URL:http://xforce.iss.net/static/6181.php

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long "-F" command line option.

ANALYSIS
----------------
ED_PRI CAN-2001-0565 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0566
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html
Reference: XF:cisco-catalyst-udp-dos(6515)
Reference: URL:http://xforce.iss.net/static/6515.php

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

ANALYSIS
----------------
ED_PRI CAN-2001-0566 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0570
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 Minicom exploit
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
Reference: REDHAT:RHSA-2001:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
Reference: CALDERA:CSSA-2001-016.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt
Reference: BUGTRAQ:20010517 Immunix OS Security update for minicom
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99014300904714&w=2
Reference: XF:minicom-xmodem-format-string(6498)
Reference: URL:http://xforce.iss.net/static/6498.php

minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.

ANALYSIS
----------------
ED_PRI CAN-2001-0570 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0580
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0580
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:200105007 Advisory for Vdns
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html

Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.

ANALYSIS
----------------
ED_PRI CAN-2001-0580 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0581
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0581
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for SpyNet Chat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0051.html
Reference: XF:spynet-connection-dos(6509)
Reference: URL:http://xforce.iss.net/static/6509.php
Reference: BID:2701
Reference: URL:http://www.securityfocus.com/bid/2701

Spytech SpyNet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number (> 100) of connections to port 6387.

ANALYSIS
----------------
ED_PRI CAN-2001-0581 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0582
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0582
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 Vulnerabilities in CrushFTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html
Reference: XF:crushftp-directory-traversal(6495)
Reference: URL:http://xforce.iss.net/static/6495.php

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a ".." (dot dot) attack, or variations, in (1), (2) CD, (3) NLST, (4), (5) RETR.

ANALYSIS
----------------
ED_PRI CAN-2001-0582 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726

McAfee Remote Desktop 3.0 and earlier allows a remote attacker to create a denial of service (crash) via a large number of packets to port 5045.

ANALYSIS
----------------
ED_PRI CAN-2001-0612 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0613
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
Reference: XF:omnihttpd-post-dos(6540)
Reference: URL:http://xforce.iss.net/static/6540.php
Reference: BID:2730
Reference: URL:http://www.securityfocus.com/bid/2730

Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long (> 4111 bytes) POST URL request.

ANALYSIS
----------------
ED_PRI CAN-2001-0613 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0614
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0614
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 def-2001-25: Carello E-Commerce Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98991352402073&w=2
Reference: XF:carello-url-code-execution(6532)
Reference: URL:http://xforce.iss.net/static/6532.php

Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.

ANALYSIS
----------------
ED_PRI CAN-2001-0614 3
Vendor Acknowledgement: unknown

No details about the URL are actually mentioned.

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0617
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 Cable-Router AR220e Portmapper Security Flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html
Reference: XF:telesyn-portmapper-access-services(6560)
Reference: URL:http://xforce.iss.net/static/6560.php

Allied Telesyn AT-AR220e cable/DSL router firmware 1.08 RC14 with the portmapper and the "Virtual Server" enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.

ANALYSIS
----------------
ED_PRI CAN-2001-0617 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0625
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0625
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
Reference: XF:inoculateit-ftpdownload-symlink(6607)
Reference: URL:http://xforce.iss.net/static/6607.php
Reference: BID:2778
Reference: URL:http://www.securityfocus.com/bid/2778

ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log.

ANALYSIS
----------------
ED_PRI CAN-2001-0625 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0627
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
Reference: BID:2752
Reference: URL:http://www.securityfocus.com/bid/2752

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.

ANALYSIS
----------------
ED_PRI CAN-2001-0627 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0630
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
Reference: BID:2762
Reference: URL:http://www.securityfocus.com/bid/2762

Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a ".." (dot dot) attack in the "loc" variable.

ANALYSIS
----------------
ED_PRI CAN-2001-0630 3
Vendor Acknowledgement: unknown

VOTING SECTION
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If accept or modify, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007