Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.LCE_4_8_1.NASL
HistoryMar 22, 2017 - 12:00 a.m.

Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities

2017-03-2200:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
82
JSON

The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities :

  • Multiple cross-site scripting (XSS) vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failure to properly escape input passed as unquoted attributes to templates. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2015-8861, CVE-2015-8862)

  • A heap-based buffer overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component that is triggered when processing nested back references in a duplicate named group. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1283)

  • An out-of-bounds read error exists in the libxml2 component in parserInternals.c due to improper parsing of characters in an XML file. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition.
    (CVE-2016-1833)

  • An overflow condition exists in the libxml2 component in xmlstring.c due to improper validation of user-supplied input when handling a string with NULL. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1834)

  • Multiple use-after-free errors exist in the libxml2 component in parser.c that is triggered when parsing complex names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1835, CVE-2016-1836)

  • Multiple heap-based buffer overflow conditions exist in the libxml2 component in HTMLparser.c and xmlregexp.c due to improper validation of user-supplied input when parsing characters in a range. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)

  • Multiple out-of-bounds read errors exist in the libxml2 component in parser.c. An unauthenticated, remote attacker can exploit these issues to disclose sensitive information or cause a denial of service condition.
    (CVE-2016-1838, CVE-2016-4447)

  • A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)

  • A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block.
    An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)

  • Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  • A remote code execution vulnerability exists in the OpenSSL component in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer.
    An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108)

  • Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)

  • An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.
    (CVE-2016-2176)

  • An overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component due to improper validation of user-supplied input when handling the (*ACCEPT) verb. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-3191)

  • A flaw exists in the libxml2 component in parser.c that occurs when handling XML content in recovery mode. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3627)

  • A flaw exists in the libxml2 component in parser.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3705)

  • A format string flaw exists in the libxml2 component due to improper use of string format specifiers (e.g. %s and %x). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4448)

  • An XML external entity injection vulnerability exists in parser.c due to improper parsing of XML data. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to disclose arbitrary files or cause a denial of service condition. (CVE-2016-4449)

  • An out-of-bounds read error exists in the libxml2 component in xmlsave.c that occurs when handling XML content in recovery mode. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition.
    (CVE-2016-4483)

  • A security bypass vulnerability exists in the libcurl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2016-5419)

  • An information disclosure vulnerability exists in the libcurl component due to the program reusing TLS connections with different client certificates. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-realm information.
    (CVE-2016-5420)

  • A use-after-free error exists in the libcurl component that is triggered as connection pointers are not properly cleared for easy handles. An unauthenticated, remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2016-5421)

  • Multiple stored cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user’s browsers session. (CVE-2016-9261)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97893);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/25");

  script_cve_id(
    "CVE-2015-8861",
    "CVE-2015-8862",
    "CVE-2016-1283",
    "CVE-2016-1833",
    "CVE-2016-1834",
    "CVE-2016-1835",
    "CVE-2016-1836",
    "CVE-2016-1837",
    "CVE-2016-1838",
    "CVE-2016-1839",
    "CVE-2016-1840",
    "CVE-2016-2105",
    "CVE-2016-2106",
    "CVE-2016-2107",
    "CVE-2016-2108",
    "CVE-2016-2109",
    "CVE-2016-2176",
    "CVE-2016-3191",
    "CVE-2016-3627",
    "CVE-2016-3705",
    "CVE-2016-4447",
    "CVE-2016-4448",
    "CVE-2016-4449",
    "CVE-2016-4483",
    "CVE-2016-5419",
    "CVE-2016-5420",
    "CVE-2016-5421",
    "CVE-2016-9261"
  );
  script_bugtraq_id(
    79825,
    84810,
    84992,
    87940,
    89744,
    89746,
    89752,
    89757,
    89760,
    89854,
    90013,
    90856,
    90864,
    90865,
    92292,
    92306,
    92309,
    96434,
    96436
  );
  script_xref(name:"EDB-ID", value:"39491");
  script_xref(name:"EDB-ID", value:"39492");
  script_xref(name:"EDB-ID", value:"39493");
  script_xref(name:"EDB-ID", value:"39494");
  script_xref(name:"EDB-ID", value:"39768");

  script_name(english:"Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities");
  script_summary(english:"Performs a version check.");

  script_set_attribute(attribute:"synopsis", value:
"A data aggregation application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Tenable Log Correlation Engine (LCE) installed on the
remote host is prior to 4.8.1. It is, therefore, affected by the
following vulnerabilities :

  - Multiple cross-site scripting (XSS) vulnerabilities
    exist in the Handlebars library in the
    lib/handlebars/utils.js script due to a failure to
    properly escape input passed as unquoted attributes to
    templates. An unauthenticated, remote attacker can
    exploit these vulnerabilities, via a specially crafted
    request, to execute arbitrary script code in a user's
    browser session. (CVE-2015-8861, CVE-2015-8862)

  - A heap-based buffer overflow condition exists in the
    Perl-Compatible Regular Expressions (PCRE) component
    that is triggered when processing nested back references
    in a duplicate named group. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-1283)

  - An out-of-bounds read error exists in the libxml2
    component in parserInternals.c due to improper parsing
    of characters in an XML file. An unauthenticated, remote
    attacker can exploit this to disclose sensitive
    information or cause a denial of service condition.
    (CVE-2016-1833)

  - An overflow condition exists in the libxml2 component in
    xmlstring.c due to improper validation of user-supplied
    input when handling a string with NULL. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted file, to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-1834)

  - Multiple use-after-free errors exist in the libxml2
    component in parser.c that is triggered when parsing
    complex names. An unauthenticated, remote attacker can
    exploit these issues, via a specially crafted file, to
    dereference already freed memory and potentially execute
    arbitrary code. (CVE-2016-1835, CVE-2016-1836)

  - Multiple heap-based buffer overflow conditions exist in
    the libxml2 component in HTMLparser.c and xmlregexp.c
    due to improper validation of user-supplied input when
    parsing characters in a range. An unauthenticated,
    remote attacker can exploit these issues, via a
    specially crafted file, to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)

  - Multiple out-of-bounds read errors exist in the libxml2
    component in parser.c. An unauthenticated, remote
    attacker can exploit these issues to disclose sensitive
    information or cause a denial of service condition.
    (CVE-2016-1838, CVE-2016-4447)

  - A heap buffer overflow condition exists in the OpenSSL
    component in the EVP_EncodeUpdate() function within file
    crypto/evp/encode.c that is triggered when handling a
    large amount of input data. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the OpenSSL
    component in the EVP_EncryptUpdate() function within
    file crypto/evp/evp_enc.c that is triggered when
    handling a large amount of input data after a previous
    call occurs to the same function with a partial block.
    An unauthenticated, remote attacker can exploit this to
    cause a denial of service condition. (CVE-2016-2106)

  - Flaws exist in the aesni_cbc_hmac_sha1_cipher()
    function in file crypto/evp/e_aes_cbc_hmac_sha1.c and
    the aesni_cbc_hmac_sha256_cipher() function in file
    crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
    when the connection uses an AES-CBC cipher and AES-NI
    is supported by the server. A man-in-the-middle attacker
    can exploit these to conduct a padding oracle attack,
    resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  - A remote code execution vulnerability exists in the
    OpenSSL component in the ASN.1 encoder due to an
    underflow condition that occurs when attempting to
    encode the value zero represented as a negative integer.
    An unauthenticated, remote attacker can exploit this to
    corrupt memory, resulting in the execution of arbitrary
    code. (CVE-2016-2108)

  - Multiple unspecified flaws exist in the d2i BIO
    functions when reading ASN.1 data from a BIO due to
    invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to
    cause a denial of service condition through resource
    exhaustion. (CVE-2016-2109)

  - An out-of-bounds read error exists in the
    X509_NAME_oneline() function within file
    crypto/x509/x509_obj.c when handling very long ASN1
    strings. An unauthenticated, remote attacker can exploit
    this to disclose the contents of stack memory.
    (CVE-2016-2176)

  - An overflow condition exists in the Perl-Compatible
    Regular Expressions (PCRE) component due to improper
    validation of user-supplied input when handling the
    (*ACCEPT) verb. An unauthenticated, remote attacker can
    exploit this to cause a denial of service condition or
    the execution of arbitrary code. (CVE-2016-3191)

  - A flaw exists in the libxml2 component in parser.c that
    occurs when handling XML content in recovery mode. An
    unauthenticated, remote attacker can exploit this to
    cause a stack exhaustion, resulting in a denial of
    service condition. (CVE-2016-3627)

  - A flaw exists in the libxml2 component in parser.c due
    to improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this to
    cause a stack exhaustion, resulting in a denial of
    service condition. (CVE-2016-3705)

  - A format string flaw exists in the libxml2 component due
    to improper use of string format specifiers (e.g. %s and
    %x). An unauthenticated, remote attacker can exploit
    this to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2016-4448)

  - An XML external entity injection vulnerability exists in
    parser.c due to improper parsing of XML data. An
    unauthenticated, remote attacker can exploit this, via
    specially crafted XML data, to disclose arbitrary files
    or cause a denial of service condition. (CVE-2016-4449)

  - An out-of-bounds read error exists in the libxml2
    component in xmlsave.c that occurs when handling XML
    content in recovery mode. An unauthenticated, remote
    attacker can exploit this to disclose sensitive
    information or cause a denial of service condition.
    (CVE-2016-4483)

  - A security bypass vulnerability exists in the libcurl
    component due to the program attempting to resume TLS
    sessions even if the client certificate fails. An
    unauthenticated, remote attacker can exploit this to
    bypass validation mechanisms. (CVE-2016-5419)

  - An information disclosure vulnerability exists in the
    libcurl component due to the program reusing TLS
    connections with different client certificates. An
    unauthenticated, remote attacker can exploit this to
    disclose sensitive cross-realm information.
    (CVE-2016-5420)

  - A use-after-free error exists in the libcurl component
    that is triggered as connection pointers are not
    properly cleared for easy handles. An unauthenticated,
    remote attacker can exploit this to dereference already
    freed memory, potentially resulting in the execution of
    arbitrary code. (CVE-2016-5421)

  - Multiple stored cross-site scripting (XSS)
  	vulnerabilities exist due to improper validation of
  	user-supplied input. An authenticated, remote attacker
  	can exploit these, via a specially crafted request, to
  	execute arbitrary script code in a user's browsers
  	session. (CVE-2016-9261)");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2016-18");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20160503.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Tenable LCE version 4.8.1 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:log_correlation_engine");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("lce_installed.nbin");
  script_require_keys("installed_sw/Log Correlation Engine Server");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");

app_name = "Log Correlation Engine Server";

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
path    = install['path'];

fixed_version = '4.8.1';

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    xss:TRUE,
    extra:
      '\n  Path               : ' + path +
      '\n  Installed version  : ' + version +
      '\n  Fixed version      : ' + fixed_version +
      '\n'
  );
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
VendorProductVersionCPE
tenablelog_correlation_enginecpe:/a:tenable:log_correlation_engine

References

Related

oraclelinux 1
nessus 43
openvas 35
ibm 47
centos 1
freebsd 3
redhat 1
amazon 3
symantec 2
archlinux 4
suse 12
altlinux 8
debian 6
ubuntu 3
osv 3
f5 2
cloudfoundry 3
cisco 1
mageia 3
nodejsblog 1
slackware 3
fortinet 1
arista 1
huawei 1
aix 1
paloalto 1
freebsd_advisory 1
fedora 7
kaspersky 1
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
nessus
nessus
Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 (20160623)
2016-06-24 00:00:00
Amazon Linux AMI : libxml2 (ALAS-2016-719)
2016-07-15 00:00:00
OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)
2016-06-24 00:00:00
openvas
openvas
CentOS Update for libxml2 CESA-2016:1292 centos6
2016-06-24 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-719)
2016-10-26 00:00:00
RedHat Update for libxml2 RHSA-2016:1292-01
2016-06-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM
2018-06-18 01:33:00
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection
2018-06-16 21:44:27
Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry
2020-07-19 00:49:12
centos
centos
libxml2 security update
2016-06-23 15:28:21
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
OpenSSL -- multiple vulnerabilities
2016-05-03 00:00:00
Vulnerabilities in Curl
2016-08-03 00:00:00
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
Important: openssl
2016-05-03 10:30:00
Medium: curl
2016-08-17 13:30:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:08:21
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-17 15:08:25
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-07 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
debian
debian
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
OpenSSL vulnerabilities
2016-05-03 00:00:00
curl vulnerabilities
2016-08-08 00:00:00
osv
osv
openssl - security update
2016-05-03 00:00:00
openssl - security update
2016-05-03 00:00:00
curl - security update
2016-08-03 00:00:00
f5
f5
K07538415 : Multiple OpenSSL vulnerabilities
2016-05-04 00:00:00
SOL07538415 - Multiple OpenSSL vulnerabilities
2016-05-03 00:00:00
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
USN-3048-1 curl vulnerability | Cloud Foundry
2016-08-25 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
2016-05-04 19:30:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
Updated openssl packages fix security vulnerability
2016-05-08 00:22:48
Updated curl packages fix security vulnerability
2016-08-31 18:32:33
nodejsblog
nodejsblog
OpenSSL updates, 1.0.1t and 1.0.2h
2016-05-02 00:00:00
slackware
slackware
[slackware-security] openssl
2016-05-03 21:05:31
[slackware-security] curl
2016-08-06 21:10:00
[slackware-security] libxml2
2016-05-27 23:33:14
fortinet
fortinet
OpenSSL Advisory - May 2016
2016-09-22 00:00:00
arista
arista
Security Advisory 0020
2016-05-06 00:00:00
huawei
huawei
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
2016-07-06 00:00:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-07-12 14:14:43
paloalto
paloalto
OpenSSL Vulnerabilities
2016-09-02 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:17.openssl
2016-05-04 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22
2016-05-10 17:58:11
kaspersky
kaspersky
KLA10859 Security bypass vulnerabilities in cURL
2016-08-03 00:00:00
JSON
Related for LCE_4_8_1.NASL
oraclelinux1nessus43openvas35ibm47centos1freebsd3redhat1amazon3symantec2archlinux4suse12altlinux8debian6ubuntu3osv3f52cloudfoundry3cisco1mageia3nodejsblog1slackware3fortinet1arista1huawei1aix1paloalto1freebsd_advisory1fedora7kaspersky1