IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities - Nessus
High Plugin ID: 84401This page contains detailed information about the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.
Plugin Overview
ID: 84401
Name: IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities
Filename: ibm_storwize_1_5_0_2.nasl
Vulnerability Published: 2007-01-03
This Plugin Published: 2015-06-26
Last Modification Time: 2019-11-22
Plugin Version: 1.10
Plugin Type: remote
Plugin Family: Misc.
Dependencies:
ibm_storwize_detect.nbin
Required KB Items [?]: Host/IBM/Storwize/display_name, Host/IBM/Storwize/machine_major, Host/IBM/Storwize/version
Vulnerability Information
Severity: High
Vulnerability Published: 2007-01-03
Patch Published: 2015-07-15
CVE [?]: CVE-2007-6750, CVE-2013-4286, CVE-2013-4322, CVE-2014-0075, CVE-2014-0094, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0178, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-3077, CVE-2014-3493, CVE-2014-4811
CPE [?]: cpe:/a:ibm:san_volume_controller_software, cpe:/a:ibm:storwize_v3500_software, cpe:/a:ibm:storwize_v3700_software, cpe:/a:ibm:storwize_v5000_software, cpe:/a:ibm:storwize_v7000_software, cpe:/a:ibm:storwize_v7000_unified_software, cpe:/h:ibm:san_volume_controller, cpe:/h:ibm:storwize_unified_v7000, cpe:/h:ibm:storwize_v3500, cpe:/h:ibm:storwize_v3700, cpe:/h:ibm:storwize_v5000, cpe:/h:ibm:storwize_v7000
Synopsis
The remote IBM Storwize device is affected by multiple vulnerabilities.
Description
The remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities :
- A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750)
- An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this flaw, via multiple Content-Length headers or a Content-Length header and a 'Transfer-Encoding: chunked' header, to smuggle an HTTP request in one or more Content-Length headers. (CVE-2013-4286)
- A denial of service vulnerability exists in the bundled version of Apache Tomcat due to improper processing of chunked transfer coding with a large amount of chunked data or whitespace characters in an HTTP header value within a trailer field. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2013-4322)
- A denial of service vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an integer overflow condition exists in the parseChunkHeader() function in ChunkedInputFilter.java. A remote attacker can exploit this, via a malformed chunk size that is part of a chunked request, to cause excessive consumption of resources, resulting in a denial of service condition. (CVE-2014-0075)
- A remote code execution vulnerability exists due to a flaw in the bundled version of Apache Struts. A remote attacker can manipulate the ClassLoader via the class parameter, resulting in the execution of arbitrary Java code. (CVE-2014-0094)
- An XML External Entity (XXE) injection vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an incorrectly configured XML parser accepts XML external entities from an untrusted source via XSLT. A remote attacker can exploit this, by sending specially crafted XML data, to gain access to arbitrary files. (CVE-2014-0096)
- An integer overflow condition exists in the bundled version of Apache Tomcat. A remote attacker, via a crafted Content-Length HTTP header, can conduct HTTP request smuggling attacks. (CVE-2014-0099)
- An information disclosure vulnerability exists due to a flaw in the bundled version of Apache Tomcat. Tomcat fails to properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet. A remote attacker can exploit this, via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, to read arbitrary files. (CVE-2014-0119)
- A flaw exists in a bundled version of Samba due to a flaw in the vfswrap_fsctl() function that is triggered when responding to FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information from process memory. (CVE-2014-0178)
- Multiple flaws exist in the bundled version of Mozilla Firefox that allow a remote attacker to execute arbitrary code. (CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
- An information disclosure vulnerability exists due to the chkauth password being saved in plaintext in the audit log. A local attacker can exploit this to gain administrator access. (CVE-2014-3077)
- A denial of service vulnerability exists due to a flaw in the bundled version of Samba. An authenticated, remote attacker can exploit this, via an attempt to read a Unicode pathname without specifying the use of Unicode, to cause an application crash. (CVE-2014-3493) - A security bypass vulnerability exists due to an unspecified flaw. A remote attacker can exploit this flaw to reset the administrator password to its default value via a direct request to the administrative IP address. Note that this vulnerability only affects the 1.4.x release levels. (CVE-2014-4811)
Solution
Upgrade to IBM Storwize version 1.4.3.4 / 1.5.0.2 or later.
Public Exploits
Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub, Core Impact)
Exploit Ease: Exploits are available
Here's the list of publicly known exploits and PoCs for verifying the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities vulnerability:
- Metasploit: exploit/multi/http/struts_code_exec_classloader
[Apache Struts ClassLoader Manipulation Remote Code Execution] - Metasploit: auxiliary/dos/http/slowloris
[Slowloris Denial of Service Attack] - Exploit-DB: exploits/multiple/remote/33142.rb
[EDB-33142: Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit)] - Exploit-DB: exploits/multiple/remote/41690.rb
[EDB-41690: Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)] - GitHub: https://github.com/3vil-Tux/Pentesting-Resources
[CVE-2007-6750] - GitHub: https://github.com/Eutectico/Steel-Mountain
[CVE-2007-6750] - GitHub: https://github.com/GiJ03/ReconScan
[CVE-2007-6750] - GitHub: https://github.com/MrFrozenPepe/Pentest-Cheetsheet
[CVE-2007-6750] - GitHub: https://github.com/RoliSoft/ReconScan
[CVE-2007-6750] - GitHub: https://github.com/SebSundin/THM-Nmap
[CVE-2007-6750] - GitHub: https://github.com/SexyBeast233/SecBooks
[CVE-2007-6750] - GitHub: https://github.com/adamziaja/vulnerability-check
[CVE-2007-6750] - GitHub: https://github.com/binglansky/Slowloris-DOS-Attack
[CVE-2007-6750] - GitHub: https://github.com/giusepperuggiero96/Network-Security-2021
[CVE-2007-6750] - GitHub: https://github.com/h0ussni/pwnloris
[CVE-2007-6750] - GitHub: https://github.com/issdp/test
[CVE-2007-6750] - GitHub: https://github.com/le37/slowloris
[CVE-2007-6750] - GitHub: https://github.com/marcocastro100/Intrusion_Detection_System-Python
[CVE-2007-6750] - GitHub: https://github.com/matoweb/Enumeration-Script
[CVE-2007-6750] - GitHub: https://github.com/murilofurlan/trabalho-seguranca-redes
[CVE-2007-6750] - GitHub: https://github.com/vshaliii/Basic-Pentesting-1-Vulnhub-Walkthrough
[CVE-2007-6750] - GitHub: https://github.com/vshaliii/Cengbox1-Vulnhub-walkthrough
[CVE-2007-6750] - GitHub: https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough
[CVE-2007-6750] - GitHub: https://github.com/vshaliii/FristiLeaks-Vulnhub-Walkthrough
[CVE-2007-6750] - GitHub: https://github.com/vshaliii/Investigator_1-vulnhub-writeup
[CVE-2007-6750] - GitHub: https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1
[CVE-2014-0094: CVE-2014-0094 test program for struts1] - GitHub: https://github.com/fupinglee/Struts2_Bugs
[CVE-2014-0094]
Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.
WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.
Risk Information
CVSS Score Source [?]: CVE-2014-1557
CVSS V2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVSS Base Score: | 9.3 (High) |
Impact Subscore: | 10.0 |
Exploitability Subscore: | 8.6 |
CVSS Temporal Score: | 7.7 (High) |
CVSS Environmental Score: | NA (None) |
Modified Impact Subscore: | NA |
Overall CVSS Score: | 7.7 (High) |
Go back to menu.
Plugin Source
This is the ibm_storwize_1_5_0_2.nasl nessus plugin source code. This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(84401);
script_version("1.10");
script_cvs_date("Date: 2019/11/22");
script_cve_id(
"CVE-2007-6750",
"CVE-2013-4286",
"CVE-2013-4322",
"CVE-2014-0075",
"CVE-2014-0094",
"CVE-2014-0096",
"CVE-2014-0099",
"CVE-2014-0119",
"CVE-2014-0178",
"CVE-2014-1555",
"CVE-2014-1556",
"CVE-2014-1557",
"CVE-2014-3077",
"CVE-2014-3493",
"CVE-2014-4811"
);
script_bugtraq_id(
21865,
65767,
65773,
65999,
67667,
67668,
67669,
67671,
67686,
68150,
68814,
68822,
68824,
69771,
69773
);
script_xref(name:"CERT", value:"719225");
script_name(english:"IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities");
script_summary(english:"Checks for vulnerable Storwize versions.");
script_set_attribute(attribute:"synopsis", value:
"The remote IBM Storwize device is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote IBM Storwize device is running a version that is 1.3.x
prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected
by multiple vulnerabilities :
- A denial of service vulnerability exists due to a flaw
in the bundled version of Apache HTTP Server. A remote
attacker can exploit this, via partial HTTP requests,
to cause a daemon outage, resulting in a denial of
service condition. (CVE-2007-6750)
- An HTTP request smuggling vulnerability exists due to a
flaw in the bundled version of Apache Tomcat; when an
HTTP connector or AJP connector is used, Tomcat fails to
properly handle certain inconsistent HTTP request
headers. A remote attacker can exploit this flaw, via
multiple Content-Length headers or a Content-Length
header and a 'Transfer-Encoding: chunked' header, to
smuggle an HTTP request in one or more Content-Length
headers. (CVE-2013-4286)
- A denial of service vulnerability exists in the bundled
version of Apache Tomcat due to improper processing of
chunked transfer coding with a large amount of chunked
data or whitespace characters in an HTTP header value
within a trailer field. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (CVE-2013-4322)
- A denial of service vulnerability exists due to a flaw
in the bundled version of Apache Tomcat; an integer
overflow condition exists in the parseChunkHeader()
function in ChunkedInputFilter.java. A remote attacker
can exploit this, via a malformed chunk size that is
part of a chunked request, to cause excessive
consumption of resources, resulting in a denial of
service condition. (CVE-2014-0075)
- A remote code execution vulnerability exists due to a
flaw in the bundled version of Apache Struts. A remote
attacker can manipulate the ClassLoader via the class
parameter, resulting in the execution of arbitrary Java
code. (CVE-2014-0094)
- An XML External Entity (XXE) injection vulnerability
exists due to a flaw in the bundled version of Apache
Tomcat; an incorrectly configured XML parser accepts
XML external entities from an untrusted source via XSLT.
A remote attacker can exploit this, by sending specially
crafted XML data, to gain access to arbitrary files.
(CVE-2014-0096)
- An integer overflow condition exists in the bundled
version of Apache Tomcat. A remote attacker, via a
crafted Content-Length HTTP header, can conduct HTTP
request smuggling attacks. (CVE-2014-0099)
- An information disclosure vulnerability exists due to a
flaw in the bundled version of Apache Tomcat. Tomcat
fails to properly constrain the class loader that
accesses the XML parser used with an XSLT stylesheet. A
remote attacker can exploit this, via a crafted web
application that provides an XML external entity
declaration in conjunction with an entity reference, to
read arbitrary files. (CVE-2014-0119)
- A flaw exists in a bundled version of Samba due to a
flaw in the vfswrap_fsctl() function that is triggered
when responding to FSCTL_GET_SHADOW_COPY_DATA or
FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests. An
unauthenticated, remote attacker can exploit this, via
a specially crafted request, to disclose sensitive
information from process memory. (CVE-2014-0178)
- Multiple flaws exist in the bundled version of Mozilla
Firefox that allow a remote attacker to execute
arbitrary code. (CVE-2014-1555, CVE-2014-1556,
CVE-2014-1557)
- An information disclosure vulnerability exists due to
the chkauth password being saved in plaintext in the
audit log. A local attacker can exploit this to gain
administrator access. (CVE-2014-3077)
- A denial of service vulnerability exists due to a flaw
in the bundled version of Samba. An authenticated,
remote attacker can exploit this, via an attempt to read
a Unicode pathname without specifying the use of
Unicode, to cause an application crash. (CVE-2014-3493)
- A security bypass vulnerability exists due to an
unspecified flaw. A remote attacker can exploit this
flaw to reset the administrator password to its default
value via a direct request to the administrative IP
address. Note that this vulnerability only affects the
1.4.x release levels. (CVE-2014-4811)");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004834");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004836");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004854");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004860");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004861");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004867");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004869");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004835");
script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Storwize version 1.4.3.4 / 1.5.0.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1557");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/03");
script_set_attribute(attribute:"patch_publication_date", value:"2015/07/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_unified_v7000");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v7000");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v5000");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3700");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3500");
script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:san_volume_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_unified_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v5000_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3700_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3500_software");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:san_volume_controller_software");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_storwize_detect.nbin");
script_require_keys("Host/IBM/Storwize/version", "Host/IBM/Storwize/machine_major", "Host/IBM/Storwize/display_name");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("Host/IBM/Storwize/version");
machine_major = get_kb_item_or_exit("Host/IBM/Storwize/machine_major");
display_name = get_kb_item_or_exit("Host/IBM/Storwize/display_name");
if (
machine_major != "2073" && # V7000 Unified
machine_major != "2071" && # V3500
machine_major != "2072" && # V3700
machine_major != "2076" && # V7000
machine_major != "2077" && # V5000
machine_major != "2145" && # SAN Volume Controller
machine_major != "4939" # Flex System V7000 Storage Node
) audit(AUDIT_DEVICE_NOT_VULN, display_name);
if (version == UNKNOWN_VER || version == "Unknown")
audit(AUDIT_UNKNOWN_APP_VER, display_name);
if (machine_major == "2073")
{
if (version =~ "^1\.[3-4]\.") fix = "1.4.3.4";
else if (version =~ "^1\.5\.") fix = "1.5.0.2";
else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}
else
{
if (version =~ "^((6\.[1234])|(7\.[12]))\.") fix = "7.2.0.8";
else if (version =~ "^7\.3\.") fix = "7.3.0.5";
else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}
if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
if (report_verbosity > 0)
{
report =
'\n Name : ' + display_name +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_hole(port:0, extra:report);
}
else security_hole(port:0);
The latest version of this script can be found in these locations depending on your platform:
- Linux / Unix:
/opt/nessus/lib/nessus/plugins/ibm_storwize_1_5_0_2.nasl
- Windows:
C:\ProgramData\Tenable\Nessus\nessus\plugins\ibm_storwize_1_5_0_2.nasl
- Mac OS X:
/Library/Nessus/run/lib/nessus/plugins/ibm_storwize_1_5_0_2.nasl
Go back to menu.
How to Run
Here is how to run the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities as a standalone plugin via the Nessus web user interface (https://localhost:8834/):
- Click to start a New Scan.
- Select Advanced Scan.
- Navigate to the Plugins tab.
- On the top right corner click to Disable All plugins.
- On the left side table select Misc. plugin family.
- On the right side table select IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities plugin ID 84401.
- Specify the target on the Settings tab and click to Save the scan.
- Run the scan.
Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.
Basic usage:
/opt/nessus/bin/nasl ibm_storwize_1_5_0_2.nasl -t <IP/HOST>
Run the plugin with audit trail message on the console:
/opt/nessus/bin/nasl -a ibm_storwize_1_5_0_2.nasl -t <IP/HOST>
Run the plugin with trace script execution written to the console (useful for debugging):
/opt/nessus/bin/nasl -T - ibm_storwize_1_5_0_2.nasl -t <IP/HOST>
Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):
/opt/nessus/bin/nasl -K /tmp/state ibm_storwize_1_5_0_2.nasl -t <IP/HOST>
Go back to menu.
References
BID | SecurityFocus Bugtraq ID:
- 21865, 65767, 65773, 65999, 67667, 67668, 67669, 67671, 67686, 68150, 68814, 68822, 68824, 69771, 69773
- https://www.tenable.com/plugins/nessus/84401
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004834
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004835
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004836
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004854
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004860
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004861
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004867
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004869
- https://vulners.com/nessus/IBM_STORWIZE_1_5_0_2.NASL
- 45004 - Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
- 73675 - CentOS 6 : tomcat6 (CESA-2014:0429)
- 73421 - Debian DSA-2897-1 : tomcat7 - security update
- 97419 - F5 Networks BIG-IP : Slowloris denial-of-service attack vulnerability (K12636)
- 77928 - Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)
- 70085 - GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities
- 79982 - GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities
- 91222 - HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)
- 99128 - macOS : macOS Server < 5.3 Multiple Vulnerabilities
- 83293 - MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities
- 83295 - MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
- 78749 - Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)
- 73677 - Oracle Linux 6 : tomcat6 (ELSA-2014-0429)
- 76570 - Oracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)
- 73678 - RHEL 6 : tomcat6 (RHSA-2014:0429)
- 76240 - RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525)
- 76241 - RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)
- 73203 - Apache Struts 2 'class' Parameter ClassLoader Manipulation
- 117393 - Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)
- 81105 - Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)
- 83578 - SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)
- 72874 - Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
- 76388 - VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)
- 77728 - VMware Security Updates for vCenter Server (VMSA-2014-0008)
- 77630 - VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
- 73763 - Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass
Version
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file ibm_storwize_1_5_0_2.nasl version 1.10. For more plugins, visit the Nessus Plugin Library.
Go back to menu.