Vulnerability Summary for the Week of March 31, 2014


Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Primary Vendor -- Product | Date Published | CVSS Score | CVE Identity
(the description of each entry follows on the next line)

alliedtelesis -- at-rg634a | 2014-03-31 | 10.0 | CVE-2014-1982
    The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.32, iMG624A firmware 3.5, iMG616LH firmware 3.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

androidsu -- chainsdd_superuser | 2014-03-31 | 10.0 | CVE-2013-6774
    Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.3.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.

autodesk -- sketchbook | 2014-04-02 | 9.3 | CVE-2013-5365
    Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.

ca -- erwin_web_portal | 2014-04-04 | 7.5 | CVE-2014-2210
    Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.

cartpauj -- mingle-forum | 2014-04-02 | 7.5 | CVE-2013-0735
    Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

chainfire -- supersu | 2014-03-31 | 10.0 | CVE-2013-6775
    The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.

checkpoint -- security_gateway | 2014-04-01 | 10.0 | CVE-2013-7350
    Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.55 (730149141) and R75.20.x before R75.20.5 and 600 and 1100 appliances R75.20.x before R75.20.52 have unknown impact and attack vectors related to "important security fixes."

coreftp -- core_ftp | 2014-04-04 | 9.3 | CVE-2013-3930
    Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.

crowbar -- barclamp | 2014-04-04 | 7.5 | CVE-2014-0592
    Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.

emc -- vplex_geosynchrony | 2014-04-01 | 9.0 | CVE-2014-0632
    Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.

emc -- vplex_geosynchrony | 2014-04-01 | 7.7 | CVE-2014-0633
    The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

emc -- vplex_geosynchrony | 2014-04-01 | 7.5 | CVE-2014-0635
    Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.

horde -- horde_application_framework | 2014-04-01 | 7.5 | CVE-2014-1691
    The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.

hp -- storeonce_2620_iscsi_backup_system | 2014-03-28 | 7.8 | CVE-2013-6211
    Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 2620 and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4220 Backup System before 3.9.0 allows remote attackers to obtain sensitive information or cause a denial of service via unknown vectors.

ibm -- flex_system_v7000_software | 2014-03-28 | 7.5 | CVE-2014-0880
    IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.

jgaa -- warftpd | 2014-03-31 | 10.0 | CVE-2013-2278
    Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log."

koushik_dutta -- superuser | 2014-03-31 | 10.0 | CVE-2013-6769
    The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.

koushik_dutta -- superuser | 2014-03-31 | 7.6 | CVE-2013-6770
    The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

linux -- linux_kernel | 2014-04-01 | 7.1 | CVE-2014-2672
    Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

raoul_proenca -- gnew | 2014-03-31 | 7.5 | CVE-2013-5640
    Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.

raoul_proenca -- gnew | 2014-03-31 | 7.5 | CVE-2013-7349
    Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.

samsung -- kies | 2014-04-04 | 10.0 | CVE-2012-6429
    Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.

schneider-electric -- concept | 2014-04-01 | 9.3 | CVE-2013-0662
    Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

schneider-electric -- opc_factory_server_tlxcdlfofs | 2014-04-04 | 7.8 | CVE-2014-0789
    Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.1 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.1 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

sonatype -- nexus | 2014-03-31 | 7.5 | CVE-2014-2034
    Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.5.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."

symantec -- liveupdate_administrator | 2014-03-28 | 7.5 | CVE-2014-1644
    The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.