{"myhack58": [{"lastseen": "2019-04-24T11:24:23", "bulletinFamily": "info", "cvelist": ["CVE-2019-11390", "CVE-2019-11388", "CVE-2019-11391", "CVE-2019-11387", "CVE-2019-11389"], "description": "This article tells me is how in the world well-known WAF rule set to find ReDOS vulnerabilities, if you are not yet familiar with regular expressions and ReDOS vulnerability, you can read my previous article: https://nosec.org/home/detail/2506.html the. Simple to say that the ReDOS vulnerability due to certain regular expressions when writing ignore safety, resulting in the match to search for some particular string will consume a lot of computing resources, resulting in a DOS attack effect. And now many WAF products are dependent on the regular expression of the flow to be filtered, upon which the regular expression there is a security problem, it is possible to make the WAF subject to ReDOS vulnerabilities. \nRecently, I spent a lot of time to research the WAF of ReDOS vulnerabilities. And my goal is the world's leading WAF products ModSecurity core rule set CRS, because it has a lot of regular expressions, just to exercise my around the WAF capabilities, two birds with one stone it! \nCRS 29 configuration file, which contains a large number of regular expressions, I can not all manual tests, so I wrote a script to automate the process. Unfortunately the script is still in alpha stage, I can't open it, but I want a good release time, believe that soon and we can meet. \nIn the use script to get some suspicious regular expression, I use regex101. com to remove the expression of the unwanted part, for example, the((fine)|(vulnerable))of(fine)delete \nI also use RegexBuddy to analyze different exploits way, and finally with the Python interpreter to confirm the use of effective. \nNow, let's talk about what I found vulnerability points and their use. \n\nCase#1 \nExpression: (?: (?:^ [\"\"\\\\\\\\]*? [^\"\"]+[\"\"])+|(?:^ [\"\"\\\\\\\\]*? [d\"\"]+)+)s \nUse: \"\"\"\"\"\"\"\"\"\"\"\"\"\" (approximately 1000\") \nWhy is vulnerability? \nThis expression is made|the identifier of the connection of the two sub-expressions, and the two sub-expressions are based on^[\u201d\u2019\\\\\\\\]*? At the beginning, and then at the end of the then pick on one or two special characters. The regular expression engine when processing will to traverse the two sub-expressions all possible, greatly consume computing resources. \nAnd in the second sub-expression\uff0c^[\u201d\u2019\\\\\\\\]*? And[d\u201d\u2019]+will match\u201c, \u2018 and the anti-quotation marks have a clear competitive relationship. \nThis((pattern 1)+|(pattern 2)+)+repetition operators are added to the nested mode it is clear in the processing of special strings will consume a lot of computing resources. \n\nCase#2 \nExpression: for(?:/ [dflr].*)* %+[^ ]+ in(.*) s? do \nWeaknesses: for(?:/ [dflr].*)* % \nUse: for/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r \nWhy is vulnerability? \nLet's a step by step look at this expression for the special character string matching step \nf \nfo \nfor \nfor/ \nfor/r \nfor/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r \nMy given string the latter part will be.* The match, but due to the end of the string is not%, the final will result in a match failure. \nIn this case, in order to successfully match, then the matching logic will miss the last character r to see the rest of the string is in accordance with: \nfor/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/r/ \nOf course, the match still fails. In General, the matching logic will constantly back until the back no retreat, completely fails to match. However, since there are two repeat operators of overlay applications, things become more complicated. And/r can either be.* Match, will be/[dflr]match...... \nI'm not sure if the run finished how many times the calculation, I use the RegexBuddy4 the upper limit is 10,00,000, clearly the true number far exceeds this value. \n\nCase#3 \nPattern: (?: s|/*.**/|//.*|#.*)* (.*) \nTrojan: ################################################ \nWhy is vulnerability? \n(?: s|/*.**/|//.*|#.*)* Can be seen by the|character connected to four sub-expressions, wherein the 3 has.* This can match all the sensitive of the symbol. When the Regular Expression Engine the expression and the string to match the search, only the last sub-expression will match, but because of the lack of expression of the desired (), the match fails, then the Regular Expression Engine will become very crazy, but here also there is a repeat of the operators of the nested problem. Ultimately, each adding a#character, the required step of calculating the number of crazy growth. \nThis last case I was in 3 different rules are found. \nIn that I reported the above vulnerabilities to obtain the following CVE: the \nCVE-2019-11387 \nCVE-2019-11388 \nCVE-2019-11389 \nCVE-2019-11390 \nCVE-2019-11391 \nThank you for reading, I will continue to share more about the ReDOS of the study. \n\n", "edition": 1, "modified": "2019-04-24T00:00:00", "published": "2019-04-24T00:00:00", "id": "MYHACK58:62201993832", "href": "http://www.myhack58.com/Article/html/3/62/2019/93832.htm", "title": "How I was in ModSecurity core rule set to find ReDOS vulnerabilities-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T07:12:48", "description": "An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2019-04-21T02:29:00", "title": "CVE-2019-11387", "type": "cve", "cwe": ["CWE-185"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11387"], "modified": "2019-07-11T20:15:00", "cpe": ["cpe:/a:modsecurity:owasp_modsecurity_core_rule_set:3.1.0"], "id": "CVE-2019-11387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11387", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:modsecurity:owasp_modsecurity_core_rule_set:3.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:33", "description": "Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-02T21:29:00", "title": "CVE-2017-11387", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11387"], "modified": "2017-08-06T01:29:00", "cpe": ["cpe:/a:trendmicro:control_manager:6.0"], "id": "CVE-2017-11387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11387", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:trendmicro:control_manager:6.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-09-17T13:29:10", "bulletinFamily": "scanner", "cvelist": [], "description": "This test checks the setting for policy\n", "modified": "2018-09-14T00:00:00", "published": "2018-09-14T00:00:00", "id": "OPENVAS:1361412562310109609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310109609", "type": "openvas", "title": "Microsoft Windows: Service: Connected User Experiences and Telemetry Service", "sourceData": " ##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: win_connected_user_experience.nasl 11387 2018-09-14 12:19:57Z emoss $\n#\n# Check value for Connected User Experiences and Telemetry Service (DiagTrack)\n#\n# Authors:\n# Emanuel Moss <emanuel.moss@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.109609\");\n script_version(\"$Revision: 11387 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-14 14:19:57 +0200 (Fri, 14 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-14 11:25:51 +0200 (Fri, 14 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:S/C:N/I:N/A:N\");\n script_tag(name:\"qod\", value:\"97\");\n script_name('Microsoft Windows: Service: Connected User Experiences and Telemetry Service');\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH\");\n script_family(\"Policy\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_add_preference(name:\"Value\", type:\"radio\", value:\"4;0;1;2;3\");\n script_mandatory_keys(\"Compliance/Launch\");\n script_tag(name:\"summary\", value:\"This test checks the setting for policy\n'Connected User Experiences and Telemetry Service' on Windows hosts (at least Windows 7).\n\nThe service sends user data to Microsoft and enables telemetry functionality.\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"policy_functions.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n policy_logging(text:'Host is no Microsoft Windows System or it is not possible\nto query the registry.');\n exit(0);\n}\n\nif(get_kb_item(\"SMB/WindowsVersion\") < \"6.1\"){\n policy_logging(text:'Host is not at least a Microsoft Windows 7 system.\nOlder versions of Windows are not supported any more. Please update the\nOperating System.');\n exit(0);\n}\n\ntitle = 'Connected User Experiences and Telemetry Service';\nfixtext = 'Set following UI path accordingly:\nComputer Configuration/Policies/Windows Settings/Security Settings/System Services' + title;\ntype = 'HKLM';\nkey = 'SYSTEM\\\\CurrentControlSet\\\\Services\\\\DiagTrack';\nitem = 'Start';\ndefault = script_get_preference('Value');\nvalue = registry_get_dword(key:key, item:item, type:type);\nif(value == ''){\n value = '2';\n}\n\nif(int(value) == int(default)){\n compliant = 'yes';\n}else{\n compliant = 'no';\n}\n\npolicy_logging(text:'\"' + title + '\" is set to: ' + value);\npolicy_add_oid();\npolicy_set_dval(dval:default);\npolicy_fixtext(fixtext:fixtext);\npolicy_control_name(title:title);\npolicy_set_kb(val:value);\npolicy_set_compliance(compliant:compliant);\npolicy_control_name(title:title);\n\nexit(0);", "cvss": {"score": 0.0, "vector": "NONE"}}], "openbugbounty": [{"lastseen": "2018-01-13T23:14:46", "bulletinFamily": "bugbounty", "cvelist": [], "description": "##### Vulnerable URL:\n \n \n https://www.pricecheck.co.za/offers/79829556/360-degree+Rotation+Clip+%26+Screw?rc=2nff%22%3C%2ftextarea%20%3E%3Csvg%20onload=(alert)(%27OPENBUGBOUNTY%27)%20%3E\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 21.12.2017 \nLatest check for patch:| 21.12.2017 18:08 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 11387 \nVIP website status:| Yes \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 14 December, 2017 04:53 GMT \nGeneric security notifications sent to website owner| 14 December, 2017 04:55 GMT \nNotification sent to subscribers (without technical details)| 14 December, 2017 06:17 GMT \nVulnerability details disclosed by researcher| 13 January, 2018 05:38 GMT \nVulnerability patched by the website owner| 13 January, 2018 21:59 GMT\n", "modified": "2018-01-13T21:59:00", "published": "2017-12-14T04:53:00", "href": "https://www.openbugbounty.org/reports/453252/", "id": "OBB:453252", "type": "openbugbounty", "title": "pricecheck.co.za XSS vulnerability ", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2020-06-22T11:40:31", "bulletinFamily": "info", "cvelist": ["CVE-2017-11387"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of debug settings. The software does not provide authentication validation for functionality that can change debug logging levels and provides incorrect authentication validation for exposing debug information. An attacker can leverage this vulnerability to expose sensitive information.", "modified": "2017-06-22T00:00:00", "published": "2017-07-31T00:00:00", "id": "ZDI-17-497", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-497/", "title": "Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "description": "DoS, code execution.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "title": "unzip security vulneravilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-5448"], "description": "No description provided", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "description": "Authentication bypass, information disclosure.", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
