Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.105550 |
Categoría: | F5 Local Security Checks |
Título: | F5 BIG-IP - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942 |
Resumen: | The remote host is missing a security patch. |
Descripción: | Summary: The remote host is missing a security patch. Vulnerability Insight: libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Vulnerability Impact: CVE-2015-7941libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.CVE-2015-7942The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7941 BugTraq ID: 74241 http://www.securityfocus.com/bid/74241 Debian Security Information: DSA-3430 (Google Search) http://www.debian.org/security/2015/dsa-3430 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html https://security.gentoo.org/glsa/201701-37 HPdes Security Advisory: HPSBGN03537 http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://www.openwall.com/lists/oss-security/2015/10/22/5 http://www.openwall.com/lists/oss-security/2015/10/22/8 RedHat Security Advisories: RHSA-2015:2549 http://rhn.redhat.com/errata/RHSA-2015-2549.html RedHat Security Advisories: RHSA-2015:2550 http://rhn.redhat.com/errata/RHSA-2015-2550.html RedHat Security Advisories: RHSA-2016:1089 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://www.securitytracker.com/id/1034243 SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html SuSE Security Announcement: openSUSE-SU-2016:0106 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://www.ubuntu.com/usn/USN-2812-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7942 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 79507 http://www.securityfocus.com/bid/79507 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |