Dark Reading
Risky Business
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
All Security News Feeds
Gartner Says 60 Percent of Virtualized Servers Will Be Less Secure Than the Physical Servers They Replace Through 2012
McAfee Announces Secure The Cloud Initiative
Panda Cloud Antivirus Awarded ICSA Labs Certification
J&B Software Introduces New SaaS Mobile Deposit Solution For Smartphones
IBM Extends Development And Test To The IBM Cloud
Athena Security Offers Free Firewall Browser
ThreatMetrix Rolls Out Fraud Network
ClearPoint's New Metrics-Based PCI Compliance Management Service Free For 30 Days
Trend Micro Introduces Hosted Email Security 2.0
How Taxpayers Can Protect Themselves From Identity Theft During This Year's Tax Season
Q1 Labs Rolls Out Integrated Risk Management, SIEM, Log Mgt, Network Behavior Analysis
Trusteer Flashlight Provides Malware Analysis And Remediation For Financial Institutions
Kanguru Secure USB Drive Gains FIPS 140-2 Certification
ActivIdentity ID Cards For Companies Doing Biz With Fed Gov
Father And Son Plead Guilty To Selling Counterfeit Software Worth $1 Million
FBI/IC3 Annual Report Shows Online Crime Complaints Up 22%, Losses Double
Tufin Logs Record 2009
Portcullis Rolls Out Unified Access Gateway Appliance
.ORG To Fully Deploy DNSSEC In June 2010
FBI, National Center for Disaster Fraud To Coordinate Haitian And Chilean Fraud Complaints
StoneGate Rolls Out Virtual SSL VPN 1.4
Fidelis Introduces Information Flow Map
Route1 Announces Commercial Availability Of MobiKEY Fusion
Astaro Will Add IPv6 Support
SCM Microsystems Further Expands Smart Card Readers, Terminals
TriCipher Offers Fast OpenID Support For SaaS Providers
FireHost Closes Series A Round Of Financing
AirMagnet Enterprise Protects Against Latest Wi-Fi Security Exploits, Vulnerabilities
Trustwave Unveils DLP With Smart Tag Encryption Technology
Swiss Army Knife Vendor Offers £100,000 To Crack Its Secure Storage Device
Kaspersky Lab Discovers Koobface Worm Doubles Its Number Of Command And Control Servers In 48 Hours
infoLock Technologies Announces Data Risk Assessment Service
Synology Launches DSM 2.3 With Cloud backup, Encryption
Passlogix Announces Universal Strong Authentication Solution For Logon To Microsoft Windows
Meraki Upgrades Wireless LAN Offering With Identity Policy Manager
Fidelis And Safend Announce Integrated DLP Solution
EMC Expands Portfolio of Information Governance Solutions With EMC SourceOne Email Supervisor
Webroot Buys Internet Security Services Provider In Nordic Region
Majority Of Malicious Sites Hosted On U.S. Servers, AVG Study Finds
LifeLock To Pay $12 Million In FTC Settlement
Art of Defence SaaS WAF Now Offered By GoGrid
BreakingPoint Rolls Out ResiliencyScore For Hardening Cyber Infrastructure
LimeWire Adds Security To P2P Network
VeriSign's New Trust Index Results Pinpoint Who Trusts The Internet
Fluke Networks Announces AirCheck Wi-Fi Tester
Wombat's PhishGuru Expands Anti-Phishing Training
BigFix Brings Secure Desktop Virtualization
iPhone, iPod Security Protects From Phishing, Malware, Viruses And Spam
Poll Finds Software Security Top Priority For Enterprises
L.A. Area Dining Establishments Informed Of Possible Data Security Breach
DigitalPersona Announces New Endpoint Protection Suite
Crossbeam Names New CEO
Trustwave Acquires Intellitactics
Freescale Semiconductor Joins UTM Security Appliance Market
Startup DayZero Systems Comes Out Of Stealth Mode
Panda Security Grows Worldwide Revenues
Fortify Announces Strategic Partnership With Key Pair Technologies
Porn Detection Stick Identifies Illicit Content For Parents
Symantec Rolls Out Brightmail Gateway 9.0
Cloud Security Alliance And Novell Deliver Vendor-Neutral Trusted Security Certification Program
Imperva And Qualys Partner To Help Enterprises Protect Against Malicious Attacks On Web Applications
Symantec Answers 'Whose Data Is It Anyway?'
RSA Delivers Validated Solutions and Services To Help Customers Accelerate Virtual Deployments
Gartner Says Worldwide Identity And Access Management Market Will Grow 8 Percent In 2010 To Reach $9.9 Billion
McAfee Launches Vulnerability Detection And Response Group
U.S. Department of Homeland Security Announces Cybersecurity Campaign Challenge
Infosecurity Professionals Receive Salary Increases In 2009, Hiring Heating Up In 2010, (ISC)2 Survey Says
RSA President Declares Cloud Computing an Opportunity To Turn The Way Security Is Delivered Inside Out
Verizon Joins Open Identity Exchange
AirPatrol Announces Availability Of Rapid Deployment Wireless Security System For Corporations, Government Agencies
Cloudmark Secures $23 Million In Growth Equity Funding
Cenzic Enhances Flagship Web Security Offering
OATH Announces Certification Program To Promote Interoperability
Open Identity Exchange Formed To Build Trust In Online Identity Management
Check Point And SanDisk Deliver Secure Virtual Workspace
WinMagic's SecureDoc Full-Disk Encryption Product Now Supports Intel Anti Theft Technology
Zix Enhances Email Encryption Service
nuBridges Forms Tokenization Standards Group
v-GO SSO Integrates With Microsoft Forefront Identity Manager 2010
MANDIANT, Bit9 Join Forces To Integrate Enterprise Application Whitelisting With Incident Response Software
Net Optics Unveils New Director Pro And Gig Zero Delay Solutions
ISC2 Announces 2010 Resource Guide
U.S. Businesses Losing Millions From Illegal Interception Of Cell Phone Calls: Ponemon Institute
RedShift Networks Delivers Unified Communications And Collaboration Security For The Enterprise
Sourcefire Partners with Immunet To Deliver Cloud-Based Antivirus Protection
Cybera Launches SECURE|WAVE, Wireless Intrusion Detection Services
Axway Issues Proactive Cloud Security Guidelines To Encourage Companies To Become Cloud-Ready
Gemalto's Protiva Strong Authentication Server Now Integrated With Microsoft's Integrated Forefront Identity Manager
nuBridges Launches Tokenization Partner Program
Quest Software Expands Provisioning To SharePoint And SAP Solutions
Damballa Releases Analysis Of 'Operation Aurora' Command-And-Control Activity
Sunbelt Announces VIPRE Enterprise Premium
ArcSight Launches Latest Version Of ArcSight Express
FaceTime Survey Shows 38% Of IT Managers Ignoring Web 2.0 Risks
F5 Networks And Infoblox Launch Joint DNSSEC Solution
Trend Micro Partners With Qualys To Strengthen Security And Compliance Offerings
Imperva Introduces ThreatRadar To Mitigate Automated, Industrialized Cyber Attacks
M86 Security Unveils New Cloud-Based Email Security Platform
Datacom Systems Unveils 10G DURAstream Bypass Switch
Xbridge Systems Partners With nexTier Networks On DLP
Black Box To Demonstrate Security Solutions At RSA
Sentrigo Introduces Repscan 3.0, Vulnerability Assessment And Security Scanning For Databases
DoD Adds Ethical Hacker Certification Program
Damballa Terminates Botnets and Crimeware Threats That Compromise Fortune 1000 Enterprises
Radiant Logic Extends Identity & Context Virtualization With Release Of RadiantOne Suite 5.2
Lieberman Software Extends Privileged Identity Management To Cloud Infrastructure
Industry Leaders Harness Sophos To Power Security Products And Services
GlobalSign Releases Code Signing Certificates For Individual Software Developers
BlockMaster And CryptoCard Offer Authentication On-Demand Over The Internet
Industrialized Cyberattacks Infect Educational Servers Worldwide
Survey By IEEE, Cloud Security Alliance Details Importance And Urgency Of Cloud Computing Security Standards
Netronome Announces First SSL Inspection Appliance For 10 Gbps Networks
BeyondTrust Announces Privilege Manager 4.7
TriCipher myOneLogin SignatureBook Offers Digital Signatures On-Demand
CertiVox Launches Web 2.0 Security Service
Avenda Announces New Identity-Aware Network Security Solution
Thales And Ponemon Institute PCI DSS Survey Reveals That Encryption Is Most Effective Means For End-to-End Protection
SRA Presents One Vault Voice For Secure BlackBerry Smartphones
EMC Expands Security Consulting Services
SafeNet Solutions Secure Cloud Computing Deployments
nCircle Announces Self-Service Security and Compliance Portal, Enhanced Auditing Of Virtualized Environments
FoxT Announces Availability of BoKS Access Control For Servers To Secure Access To Amazon EC2 Cloud
PFU Systems Debuts Affordable Network Access Control Solution
Qualys Introduces GO SECURE Service For Businesses To Scan Web Sites For Malware, Vulnerabilities
TippingPoint Introduces SSL Security Protection Customized For Data Centers Hosting Web Applications
New Mobile VoIP Encryption Announced
Damballa Launches Realtime Botnet Termination
TippingPoint Introduces New Products To Secure Virtualized Next-Generation Data Centers
Lumension Unveils Intelligent Application Whitelisting that Operationalizes A Proactive Endpoint Security Approach
Anonymous Browsing, Email Service Launched
New Single Sign-On From ActivIdentity
FTC Issues Report Of 2009 Top Consumer Complaints
Dasient Introduces Malware Protection Seal For Websites
Sophos Offered On Lenovo PCs
Arxan Launches Application Hardening For Mac Apps
Courion Upgrades ID And Access Management Solution
ActivIdentity And idOnDemand Partner For Cloud Security
SecuWipe Deletes Data From Stolen Or Lost Windows Phones And Windows CE Terminals
Guardian Analytics Announces FraudMAP For Business Banking
Key Pair Technologies Announces Cloud Security And Virtualization Product Family
Centrify Delivers DirectSecure For Next-Generation Protection Of Cross-Platform Systems
HyTrust Announces $10.5 M In Series B Funding, Adds Cisco And Granite Ventures
Mocapay Unveils Secure Mobile Payments
3Com Delivers On Secure Network Fabric Strategy With New Solutions For Next-Generation Data Centers
Qualys Launches Cloud Computing Solution For FDCC Compliance
Palo Alto Networks Rolls Out New Next-Generation Firewall Software
Melissa Hathaway, John Stewart, Roland Cloutier Join Core's Advisory Board
Agiliance Integrates With VeriSign iDefense
BreakingPoint Announces Major Revenue Growth
Rapid7 Announces Exploit Index
Petition To Congress On E-Banking Security
Fasoo To Launch/Demo New Enterprise DRM Solution At RSA
Zscaler Publishes 'State of the Web' Report For Q4 2009
Endace Introduces Next Generation, Carrier-Grade Intrusion Detection Solution
Rapid7 NeXpose Leverages Metasploit Data, Exploit Database
TippingPoint Rolls Out New IPS For Virtual Environments
Alert Logic Launches LogReview For PCI
Internet Tops 192 Million Domain Name Registrations
nCircle Announces Patch Priority Index
FTC Probe Uncovers Widespread Data Breaches Via P2P Networks
Utah High School Team Wins CyberPatriot II Competition
SHI And Solutionary Announce Partnership In Managed Security Services
Triumfant Issues RSA 2010 Malware Detection Challenge
IBM, Thales Team In Key Management For Storage Encryption
IBM, Gemalto Team In Authentication
Trustwave Rolls Out DLP Application
Comodo Rolls Out Dragon Browser Based On Chromium Project
Fidelis DLP Solution Takes Advantage Of Virtualization
41st Parameter Expands European Operations
Avecto Releases Privilege Guard 2.5 And Extends Windows 7 UAC Capabilities
CA Joins Cloud Security Alliance
OpenDNS Adds New Web Filtering Feature
Teens Compete In CyberPatriot II Championships
TriGeo Unveils its Next Generation SIEM
Free Online Service Helps Software Developers Gauge Payment Application Security Vulnerabilities
Rapid 7 Rolls Out Service For Compliance With New Mass. Privacy Law
Cloudmark Acquires Bizanga
Centrify Rolls Out New ID/Access Management Line
Former DHS Assistant Cybersecurity Secretary Joins Information Security Forum
McAfee, Brocade Team Up In Network Security
SonicWALL Reports Fourth Quarter And Fiscal Year 2009 Financial Results
Deluxe Unveils Comprehensive Suite of Identity Theft Protection Solutions For Financial Institutions
Justice Department Announces New Intellectual Property Task Force As Part Of Broad IP Enforcement Initiative
Cybercriminals Continue To Show Their Love For Valentine's Day
Conformity Partners With VeriSign
Endace Offers Free IDS/IPS Health Checks
Veracode Secures $12 Million In VC Funding
Websense Unveils TRITON Architecture Unifying Web, Data, Email Security
Botnet 'Weather Report' Shows Power Of Botnets
Security Firm Makes Final Preparations For The Vancouver 2010 Olympic Winter Games
nCircle Announces 8th Consecutive Year Of Revenue Growth And Continued Profitability
Trustwave NAC Achieves Common Criteria Validation
Titus Labs Launches Version 2 Of Metadata Security For The Microsoft SharePoint Platform
Astaro Rolls Out Free Firewall
Cellcrypt Offers Free 90-Day Secure Calling Trial For BlackBerry Smartphone Users
McAfee Upgrades Consumer Security Product Line
BigFix Offers 10% Discount In The Spirit Of IT Dinosaur Awards
Verizon Business Helps Medium-Sized Businesses Combat Cyberthreats With New, Affordable Integrated Security Suite
Security Startup Rolls Out File Security System
Trend Micro Expands its Hosted Security Service And Puts Focus On Channel-Success And Protecting Mobile Workers
Smart Card Alliance Healthcare Council Plans Identity Management Focus For Upcoming Year
CA Extends Web Access Security Technology
SPYRUS Ships Secure Storage Devices With FIPS 140-2 Encryption
ENISA: 17 Golden Rules To Combat Online Risks For Mobile Social Networking
InfoExpress Adds Virtual Appliance To Its CyberGatekeeper Family Of NAC Products
Sunbelt Software Announces Top 10 Malware Threats For January
Unisys Awarded Contract to Provide Biometric Citizen Identification Solution For Mexico
Report: Corporate Departments Left Open To Voice Call Interception
Windows File System Attack To Be Demo'ed At Shmoocon
DataInherit Launches A Free High Security Online Password Safe
McAfee Announces Quickstart Services For SMBs
Retired USAF General Publishes White Paper on U.S. Strategy For Cyberwar And Cyberterrorism
Cisco: 87% Of Europeans With Wireless Internet At Home Have Enabled Security
PGP Corporation Acquires TC TrustCenter & ChosenSecurity
LogRhythm Granted Patent For Log And Event Management Technology
Wipro, Trend Micro Unite to Deliver Next-Generation Virtualization Security Solutions For Dynamic Datacenters
Netgear Brings Enterprise-Class Security To Small Businesses And Telecommuters For Under $300
VeriSign Identity Protection Mobile Application on Verizon Wireless Phones Makes Security More Accessible
Encryption Firm Says No One Stepped Up To Claim $250k In Pure Gold
Sophos Report: Malware And Spam Rise 70% On Social Networks
Industry Experts Gather At MAAWG To 'Protect The End User'
Cyber-Ark's Sales Increased 40 Percent In 2009
Speaker Pelosi And Boehner Send Letter To CAO On Protecting House Web Sites From Being Hacked
Online Trust Alliance Release Framework For Protecting Consumer Data
New Email Threat Poses As Local Parcel Firms
WhiteHat Security Kicks Off 2010 With Record Revenue
Data Privacy Day: New Report Reveals Companies Struggle To Manage Electronic Records
Tips for Safeguarding Your Online Privacy For World Data Privacy Day
RedSeal Rolls Out Change Management
Skybox Security Launches Firewall Management Solution
StoneGate Releases New Firewall/VPN And Management Centre
StillSecure Announces Virtual Security Services
Tufin Rolls Out New Version of Firewall Management Tool
Tripwire Intros Next-Gen SIEM Solution With Log Center
Google Updates Chrome Browser
Apache Software Foundation Announces Apache SpamAssassin Version 3.3.0
SecureWorks: Hacker Attacks Targeting Healthcare Organizations Doubled In Q4 2009
Secure Passage Announces Record-Breaking Year
PCI DSS Names New Chair
HBGary Federal And Palantir Technologies Partner To Provide Enhanced Cyber-based Threat Intelligence
WhiteHat Partners With Aspect For Web App Security
PacketMotion Simplifies PCI DSS Compliance With New Virtual Segmentation Solution
Panda Security USA Expands Management Team
StopBadware Spins Off From Harvard's Berkman Center For Internet & Society
EU Agency Report: How Email Providers Combat Spam
Thales, Voltage Team To Deliver End-to-End Encryption And Key Management To Secure Payments
AVG Posts Record Growth, Surpasses More Than 110 Million Users
F5 Networks Announces Quarterly Earnings
IronKey Launches Trusted Virtual Computing Initiative
Mozilla Delivers Firefox 3.6
FBI Warns About Mystery/Secret Shopper Schemes Via Email
PGP Corporation Announces New Data Protection Solutions For Mac And Linux Enterprise Users
Lockheed Martin Invests In Cyber Security Talent And Workforce Development
Avast Launches Free Desktop Security Software, Full Internet Security Suite
PC On A Stick/Secure Virtual Desktop From IronKey And Lockheed Martin
Sourcefire Delivers 20 Gbps Intrusion Prevention Solution
Core Security Launches Professional Services
Panda Cloud Antivirus Now Compatible With Windows 7
SAIC To Acquire CloudShield
Perimeter E-Security's Top 10 Threats For '10
Intersections Offers ID Protection Service For $10/Year
Entrust Updates PKI Platform, Adds Linux Support
FaceTime, YellowJacket Team In IM Compliance For Energy Industry
Summit Partners Invests in NetWitness
Dataguise Announces Dgmasker Application Templates
FBI Warns Of Haitian Earthquake Relief Scams Online
Study: Server Virtualization Still Growing
Kingston Digital To Replace Affected Secure USB Flash Drives With Upgraded Security Architecture, New Drives
Check Point Global Survey Reveals Rise In Unprotected Enterprise Endpoints
New Antivirus Company Thirtyseven4 Launches
HP, Microsoft Team In Cloud Computing
Report: Mal-Bredo A Virus Spreads Via Social Media
Core Security Posts Record Growth In Revenues, Sales In Q4
Trustwave Buys BitArmor
Trend Micro Rolls Out New Solution Suites For Enterprises And Midsize Businesses
FIPS 140-2 Certified Encryption Module Added To KVM Switch
Cyber-Ark Labs Launched To Develop New Info Security Solutions, Headed by Former CA Exec
ScanSafe Reports 55% Increase In Employees Attempting to Download Illegal Software At Work
Secerno Debuts Data Protection At 230,000 Transactions Per Second
Huawei Symantec Announces New Security, Storage Brands
Solutionary Designated as an Approved Scanning Vendor by Payment Card Industry (PCI) Security Standards Council
Open Internet Coalition Launches "Protect the Net" Campaign
Thales Introduces Next-Generation Hardware Security Modules
Hughes Announces New Wireless PCI Scanning Service
SecureWorks Gains PCI Certification For Scanning Service
Symantec Data Center Report: 83% Rate Data Center Security Important
Red Condor Warns Of Highly Personalized Spear-Phishing Campaign
Free Comodo System-Cleaner Organizes Registries, Improves Privacy
New Email Security Product Supports TLS Encryption
StrongAuth Releases StrongKey Lite
ICSA: How To Save Time And Resources When Selecting Security Products In 2010
Dyn Inc. Acquires EveryDNS
Oberthur Bank Cards Not Affected by 2010 Bug
Tom Ridge's Security Firm Partners With Pace To Deliver Integrated Energy And Security Solutions
General Dynamics Receives NSA Certification for Secure Voice
PandaLabs Releases 2009 Annual Malware Report
SCM Microsystems, Bluehill ID Merge, Change Name
Gartner Acquires Burton Group
MANDIANT Expanded Team in 2009 By Over 65%
ManageEngine Releases ADSelfService Plus Password Reset Portal
SonicWALL Gives Network Managers More Control With Management System
NetWitness Reports Major Revenue Growth In 2009
Rocstor Unveils New Family Of Encryption Products
CreditReport.com Launches Free Identity Theft News Tool
eEye Names New CEO Kevin Hickey
Centrify Awarded Patent In Identity Management Of Unix, Linux Systems
VeriSign Metrics Highlight Significantly Heavier Traffic This Holiday Season
Fortinet Announces Breakthrough In IPv6 Security Throughput
E-Threats Shifting With International Current Events, Rising Popularity Of Web 2.0, Study Says
Two Consumer Groups Ask FTC To Block Google's Purchase Of AdMob
OTA Asks FTC For Standardized Privacy And More Browser Controls
Palisade PacketSure Certified For Twitter And Facebook
BreakingPoint Introduces Bing-like Security Strike Search Engine
Element Payment Services, Trustwave Partner In Level 4 PCI Compliance Program
SIA Launching Field Studies For Physical Security, Security Project Management
Astaro Releases Version 2.1 Of Free Astaro Command Center
SmoothWall Launches Powerful Web Filtering Appliance
Webroot, AnchorFree Join Forces
Clavister Adds Enhancements To Clavister Security Gateway 4300 Series
Discretix Announces Embedded Security Solutions For Media Phones
IETF, BITS Financial Services And MAAWG Join Forces
Cryptzone Acquires AppGate Network Security AB
Report: Over 97% Of November Email Was Spam
Zscaler Protects Against Adobe Acrobat Reader Zero-Day Exploits
Symantec, Message Systems Join Forces
'Five Golden Rules' For Reducing Security Risk Posed By Temporary Holiday Workers
Veracode Hits Milestone Of 50B Lines Of Code Scanned
Secure64 Releases High-Performing DNS Caching Software
MSSPs Team Up For Global Offering
Black Box Rolls Out New NAC
Protegrity Advances Tokenization Of Sensitive Data With Transparent, On-Site Enterprise-Ready Solution
Flaw In Microsoft's Hypervisor Lets Attackers Bypass DEP, ASLR
Employees Frequently Bypass Security Policy To Do Their Jobs, Study Says
Small Businesses, Banks Wrestle With Security Issues
MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability:legato networker, informix dynamic server
Published:2010-03-05
Severity:High
Description:Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.
Published:2010-03-05
Severity:High
Description:Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.
Vulnerability:legato networker, informix dynamic server
Published:2010-03-05
Severity:High
Description:Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Published:2010-03-05
Severity:High
Description:Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Vulnerability:http server
Published:2010-03-05
Severity:Medium
Description:The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Published:2010-03-05
Severity:Medium
Description:The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Vulnerability:kvm
Published:2010-03-05
Severity:Medium
Description:The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Published:2010-03-05
Severity:Medium
Description:The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Vulnerability:unified communications manager
Published:2010-03-05
Severity:High
Description:Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Published:2010-03-05
Severity:High
Description:Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
|
