Alexander Klink

**Name of the Vulnerable Software and Affected Versions** Apache Ranger versions prior to 1.2.0 **Description** The issue concerns a Stack-based buffer overflow that was addressed by updating the UnixAuthenticationService in Apache Ranger to correctly handle user input. **Recommendations** For versions prior to 1.2.0, upgrade to version 1.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft .NET Framework versions 1.1 SP1 through 4.5.2 **Description** The issue is related to the improper use of a hash table for request data, allowing remote attackers to cause a denial of service via crafted requests. This can lead to resource consumption and performance degradation. An attacker can exploit this by sending a small number of specially crafted requests to a .NET server, causing significant performance degradation and a denial of service condition. **Recommendations** For Microsoft .NET Framework versions 1.1 SP1 through 4.5.2, consider implementing measures to restrict the impact of specially crafted requests on server performance, such as limiting the number of concurrent requests or implementing rate limiting. As a temporary workaround, consider restricting access to sensitive resources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT **Description** The issue allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message. An attacker who successfully exploited this issue could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system. **Recommendations** For Microsoft Outlook versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Notes versions 8.x through 8.5.3 before FP4 Interim Fix 1 IBM Lotus Notes versions 9.0 before Interim Fix 1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message. **Recommendations** For IBM Lotus Notes versions 8.x through 8.5.3 before FP4 Interim Fix 1, apply FP4 Interim Fix 1 to resolve the issue. For IBM Lotus Notes versions 9.0 before Interim Fix 1, apply Interim Fix 1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Notes versions 8.x through 8.5.3 before FP4 Interim Fix 1 IBM Lotus Notes version 9.0 before Interim Fix 1 **Description** The issue allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, as IBM Lotus Notes does not block APPLET elements in HTML e-mail. **Recommendations** For IBM Lotus Notes versions 8.x through 8.5.3 before FP4 Interim Fix 1, apply FP4 Interim Fix 1 to resolve the issue. For IBM Lotus Notes version 9.0 before Interim Fix 1, apply Interim Fix 1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Subversion versions 1.6.x through 1.6.20 Subversion versions 1.7.0 through 1.7.8 **Description** The issue allows remote authenticated users to cause a denial of service by setting or deleting a large number of properties for a file or directory, resulting in memory consumption. **Recommendations** For Subversion versions 1.6.x through 1.6.20, update to version 1.6.21 or later. For Subversion versions 1.7.0 through 1.7.8, update to a version later than 1.7.8.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions prior to 7 Update 6 OpenJDK versions prior to 7u6 build 12 and 8 before build 39 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. **Recommendations** For Oracle Java SE versions prior to 7 Update 6, update to version 7 Update 6 or later. For OpenJDK versions prior to 7u6 build 12, update to 7u6 build 12 or later. For OpenJDK version 8 before build 39, update to build 39 or later.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 2.6.8 Python versions 2.7.x prior to 2.7.3 Python versions 3.x prior to 3.1.5 Python versions 3.2.x prior to 3.2.3 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically high CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. An error within a hash generation function when hashing form posts and updating a hash table can be exploited to cause a hash collision. This can be achieved by sending a specially crafted form in an HTTP POST request. **Recommendations** For versions prior to 2.6.8, update to version 2.6.8 or later. For versions 2.7.x prior to 2.7.3, update to version 2.7.3 or later. For versions 3.x prior to 3.1.5, update to version 3.1.5 or later. For versions 3.2.x prior to 3.2.3, update to version 3.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** OCaml versions 3.12.1 and earlier **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, by providing crafted input to an application that uses hash tables. This is possible because OCaml computes hash values without properly restricting the ability to predictably trigger hash collisions. **Recommendations** For versions 3.12.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions prior to 5.5.35 Apache Tomcat versions 6.x prior to 6.0.35 Apache Tomcat versions 7.x prior to 7.0.23 **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions. **Recommendations** For versions prior to 5.5.35, update to version 5.5.35 or later. For versions 6.x prior to 6.0.35, update to version 6.0.35 or later. For versions 7.x prior to 7.0.23, update to version 7.0.23 or later.

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 1.1.3 Rack versions 1.2.x prior to 1.2.5 Rack versions 1.3.x prior to 1.3.6 **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later. For versions 1.2.x prior to 1.2.5, update to version 1.2.5 or later. For versions 1.3.x prior to 1.3.6, update to version 1.3.6 or later.

**Name of the Vulnerable Software and Affected Versions** Plone versions 4.1.3 and earlier **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions. **Recommendations** For Plone versions 4.1.3 and earlier, update to a version later than 4.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JRuby versions prior to 1.6.5.1 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. **Recommendations** For versions prior to 1.6.5.1, update to version 1.6.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google V8 (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption. This is demonstrated by attacks against Node.js, where hash collisions can be triggered predictably due to the lack of restriction in computing hash values for form parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jetty versions 8.1.0.RC2 and earlier **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions. **Recommendations** For Jetty versions 8.1.0.RC2 and earlier, consider updating to a version that addresses this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Glassfish versions 2.1.1 through 3.1.1 **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption. This is due to the computation of hash values for form parameters without restricting the ability to trigger hash collisions predictably. **Recommendations** For Oracle Glassfish versions 2.1.1 through 3.1.1, consider restricting the ability to send many crafted parameters to prevent denial of service attacks. As a temporary workaround, consider implementing measures to limit CPU consumption when handling form parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 1.8.7-p357 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, by providing crafted input to an application that maintains a hash table, thus triggering hash collisions predictably. **Recommendations** For versions prior to 1.8.7-p357, update to version 1.8.7-p357 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft .NET Framework versions 1.1 SP1 through 4.0 **Description** A denial of service issue exists due to the way ASP.NET Framework handles specially crafted requests, causing a hash collision. This allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. An attacker who successfully exploited this issue could send a small number of specially crafted requests to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. **Recommendations** For Microsoft .NET Framework versions 1.1 SP1 through 4.0, consider restricting the ability to trigger hash collisions predictably in the CaseInsensitiveHashProvider.getHashCode function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CAcert versions prior to 20080928 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `CN` (CommonName) field in the subject of an X.509 certificate. This occurs in the analyse.php file. **Recommendations** For versions prior to 20080928, update to version 20080928 or later to resolve the issue. As a temporary workaround, consider restricting access to the analyse.php file until the update is applied. Avoid using the `CN` field in the subject of an X.509 certificate in analyse.php until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Microsoft Crypto API versions 5.131.2600.2180 through 6.0 Description: The issue allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, by using a crafted certificate with an Authority Information Access (AIA) extension in a S/MIME e-mail message or signed document. This is due to the Microsoft Crypto API performing Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate. Recommendations: For Microsoft Crypto API versions 5.131.2600.2180 through 6.0, consider restricting access to the Authority Information Access (AIA) extension to minimize the risk of exploitation. As a temporary workaround, avoid using the AIA extension in certificates until a patch is available.