Advance Notification Service for the January 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described i...
CVE-2012-0825
CVE-2012-0825 affects Drupal 6.x up to 6.23 and 7.x up to 7.11, where Attribute Exchange (AX) information is not signed, enabling MITM modification of AX data. Related advisories confirm this CVE in multiple distributions (e.g., Debian DSA-2776-1; MiracleLinux AXSA-2012-98:01). Remediation in aff...
Tridium Niagara AX Web Server Directory Traversal 'config.bog' Disclosure Remote Compromise
Binary data scadatridiumniagarapatch11feb2013.nbin...
Tridium Niagara AX Web Server Detection
Binary data scadatridiumniagaradetect.nbin...
Tridium Niagara AX Web Server Multiple Vulnerabilities
Binary data scadatridiumniagarapatch18dec2012.nbin...
Tridium Niagara AX Detection
Binary data 6847.prm...
CVE-2012-4701
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature...
Directory traversal
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature...
CVE-2012-4701
CVE-2012-4701 describes a directory traversal in Tridium Niagara AX (versions 3.5–3.7) that lets a remote attacker read sensitive files and potentially execute arbitrary code. The vulnerability can be triggered when valid credentials are present or when the guest feature is enabled, enabling unau...
PT-2013-1700 · Tridium · Tridium Niagara Ax
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX versions 3.5 through 3.7 Description: The issue allows remote attackers to read sensitive files and potentially execute arbitrary code by leveraging valid credentials or the guest feature. Recommendations: For versions 3.5...
RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory. - Invoker servlets authentication bypass HTTP verb tampering CVE-2011-4085 - openid4java AX extension: MITM due to improper validation of AX...
CVE-2012-3025
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2012-3024
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...
Authentication flaw
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...
Default configuration
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2012-3024
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...
CVE-2012-3025
The vulnerability CVE-2012-3025 affects Tridium Niagara AX Framework (versions prior to 3.7). The root cause is a default configuration that transmits credentials in cookies using cleartext base64, enabling remote attackers to capture sensitive information by sniffing network traffic. Impact is c...
CVE-2012-3024
CVE-2012-3024 affects Tridium Niagara AX Framework up to version 3.6. The issue is that session IDs and keys are predictable, potentially enabling remote attackers to bypass authentication through brute-force attempts. The description consistently states an authentication bypass risk but does not...
CVE-2012-3025
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network...
PT-2012-4445 · Tridium · Tridium Niagara Ax Framework
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.8 is not mentioned, however, it is mentioned that versions through 3.6 are affected. Therefore: Tridium Niagara AX Framework versions through 3.6 Description: The issue is related to the use of...