Network Security News – Friday, May 27, 2005 Events
BEA WebLogic Unspecified Remote DoS
WebLogic contains a flaw that may allow a remote denial of service. The issue is due to a remote buffer overflow that can cause thread looping, resulting in high CPU utilization and a loss of availability for the platform. Read more at osvdb.org/16840
BEA WebLogic Failed Login Password Disclosure
WebLogic Portal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a failed login attempt, which echoes the incorrect password to standard output, resulting in a loss of confidentiality. Read more at osvdb.org/16836
IMail IMAP SELECT Command Remote DoS
A remote overflow exists in IMail Server. The IMAP service (IMAP4D32.EXE) fails to perform proper bounds checking, resulting in a buffer overflow. By passing an overly long string to the 'SELECT' command, a remote attacker can cause the IMAP service to crash, resulting in a loss of availability. Read more at osvdb.org/16807
IMail IMAP STATUS Command Mailbox Name Overflow
A remote overflow exists in IMail Server. The IMAP service (IMAPD32.EXE) fails to perform proper bounds checking, resulting in a buffer overflow. By passing an overly long mailbox name to the 'STATUS' command, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16806
IMail Web Calendaring Server GET Request Traversal Arbitrary File Access
The Web Calendaring component in IMail Server contains a flaw that allows a remote attacker to access arbitrary files. The issue occurs when requesting nonexistent JavaScript (*.jsp) files followed by traversal-style sequences (../../), resulting in a loss of confidentiality. Read more at osvdb.org/16805
IMail IMAP LOGIN username Remote Overflow
A remote overflow exists in IMail Server. The IMAP service (IMAP4D32.EXE) fails to perform proper bounds checking, resulting in a buffer overflow. By passing an overly long username starting with special characters to the 'LOGIN' command, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16804
IMail IMAP Daemon Malformed LSUB Command Remote DoS
IMail Server contains a flaw that may allow a remote denial of service. The issue occurs in the IMAP daemon (IMAPD32.EXE) service while parsing malformed LSUB commands. By passing an overly long string of NULL characters to the 'LSUB' command, a remote attacker can cause the daemon to go into an infinite loop and consume all available CPU resources, resulting in a loss of availability for the IMAP service. Read more at osvdb.org/16803