Computer Security
[EN] securityvulns.ru no-pyccku


EMC VPLEX multiple security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13647
Type:remote
Threat Level:
5/10
Description:Directory traversal, protection bypass.
Affected:EMC : VPLEX GeoSynchrony 5.2
CVE:CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.)
 CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.)
 CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.)
 CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original documentdocumentEMC, ESA-2014-016: EMC VPLEX Multiple Vulnerabilities (31.03.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod