Next Page >>
sections
* NAT for Session Initiation Protocol (SIP)
* NAT for H.323
The preferred method to verify whether NAT is enabled on a Cisco IOS
device is to log in to the device and issue the "show ip nat
statistics" command. If NAT is active the sections Outside interfaces
and Inside interfaces will each include at least one interface. The
following example shows a device on which the NAT feature is active:
Router#show ip nat statistics
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.1YI | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+--------------------+--------------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
| | | vulnerable. |
|------------+--------------+--------------------------------|
| | | Vulnerable; contact your |
| | Not | support organization per the |
| 12.2EWA | vulnerable | instructions in the Obtaining |
| | | Fixed Software section of this |
| | | advisory. |
|------------+--------------+--------------------------------|
| 12.2EX | Not | 12.2(55)EX3 |
| | vulnerable | |
|------------+--------------+--------------------------------|
|------------+------------------+----------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+------------------+----------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+------------------+----------------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+------------------+----------------------------|
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2EX | 12.2(55)EX3 | 12.2(55)EX3 |
|------------+----------------+------------------------------|
| 12.2EY | 12.2(58)EY | 12.2(58)EY |
|------------+----------------+------------------------------|
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3JEC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3JED | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4GC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.4JA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
|------------+---------------------------------------+--------------|
| 12.2YG | Not Vulnerable | |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.2YH | organization per the instructions in | |
| | Obtaining Fixed Software section of | |
| | this advisory | |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.2YJ | organization per the instructions in | |
| | Obtaining Fixed Software section of | |
142 |public function getCommand( ipsRegistry $registry )
143 |{
144 | $_NOW = IPSDebug::getMemoryDebugFlag();
145 |
146 | $module = ipsRegistry::$current_module;
147 | $section = ipsRegistry::$current_section;
148 | $filepath = IPSLib::getAppDir( IPS_APP_COMPONENT ) .
'/' . self::$modules_dir . '/' . $module . '/';
149 |
150 | /* Got a section? */
151 | if ( ! $section )
####################
2. Vulnerabilities:
####################
2.1. Insecure Direct Object Reference [in "bs_login.asp"]. Everyone can change admin password.
2.1.1. Exploit:
Check the exploit section.
2.2. Insecure Direct Object Reference [in "bs_login.asp"]. Everyone can edit all the site info., such as admin email address.
2.2.1. Exploit:
Check the exploit section.
2.3. Insecure Direct Object Reference [in "bs_login.asp"]. Everyone can edit all the site design. (Also, all the site settings can be changed by other parameters)
2.3.1. Exploit:
configured for Cisco IOS SSL VPNs and is vulnerable:
If the output from show running-config | include webvpn contains
"webvpn gateway <word>" then the device is supporting the Cisco IOS
SSL VPN feature. A device is vulnerable if it has the inservice
command in at least one of the "webvpn gateway" sections and is
configured for HTTP port redirection. The following example shows a
vulnerable device configured with Cisco IOS SSL VPN:
Router#show running | section webvpn
webvpn gateway Gateway
Affected Products
=================
Cisco is currently evaluating products for possible exposure to these
TLS issues. Products will only be listed in the Vulnerable Products or
Products Confirmed Not Vulnerable sections of this advisory when a final
determination about product exposure is made. Products that are not
listed in either of these two sections are still being evaluated.
Vulnerable Products
- -------------------
available at the usual places (including:
http://tools.ietf.org/id/draft-ietf-tcpm-tcp-security-01.txt). (It is
a derivative of the CPNI TCP-security document published last year,
available at: http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf)
The current plan is discuss each section of the draft piecemeal (it is
a very large document), get consensus on the changes to apply to the
existing text, and then move on to the next section.
Therefore I'm requesting feedback on all the sections through Section
3.1.2.3. -- this includes the introduction sections, the basic
>
> Well, I guess this is the point at which an engineering
> decision is made. I mean, if one is concerned with traffic
> analysis, then make TABLE_LENGTH as large as possible. e.g.,
> with only 2KB of memory, you could compartmentalize the port
> sapce into 1024 sections.
>
>
Even so, an attacker can poll a section, or several sections (forcing
the target host to connect to different IP:port combinations), and
####################
2. Vulnerabilities:
####################
2.1. Directory Traversal in "/download.php" in "dfile" parameter.
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "/rating.php" in "book_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Cross Site Scripting (XSS). Reflected XSS attack in "/login.php" in URL parameters.
2.3.1. Exploit:
server is running software version T27 SP25 EP4.
To determine whether a Cisco WebEx meeting site is running an
affected version of the WebEx client build, users can log in to
their Cisco WebEx meeting site and go to the Support > Downloads
section. The version of the WebEx client build will be displayed
on the right side of the page under "About Support Center." See
"Software Versions and Fixes" for details.
Cisco recommends that users upgrade to the most current version
of the player that is available from www.webex.com/
####################
2. Vulnerabilities:
####################
2.1. Injection Flaws, Cross Site Scripting (XSS). SQL Injection in "/ansFAQ.asp" in "id" parameter. Reflected XSS attack in "/ansFAQ.asp" in "topic" and "button" parameters.
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "preview.asp" in "template_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Information Leakage. Database path disclosure in "/cms/include/trigger.asp" and/or "/cms/include/common2.asp".
2.3.1. Exploit:
- -----/
According to the .MBM format [3], the structure of an MBM is the
following (beginning with a Header Section):
/-----
Offset Size Data Description
0000 ID 37 00 00 10 UID1: Header Section layout
####################
2. Vulnerabilities:
####################
2.1. Directory Traversal in "/download.php" in "dfile" parameter.
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "/rating.php" in "book_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Cross Site Scripting (XSS). Reflected XSS attack in "/login.php" in URL parameters.
2.3.1. Exploit:
8. *Technical Description*
8.1 A Reflected Cross Site Scripting vulnerability was found in the
"productStoreId" variable within the 'Export Product Listing' section.
When rendering menu widget item links of type hidden-form, the hidden
input value attributes were not being html encoded. In many cases these
hidden input values are derived from request parameters and could be used
in a Reflected Cross-Site Scripting attack.
####################
2. Vulnerabilities:
####################
2.1. Directory Traversal in "/download.php" in "dfile" parameter.
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "/rating.php" in "book_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Cross Site Scripting (XSS). Reflected XSS attack in "/login.php" in URL parameters.
2.3.1. Exploit:
####################
2. Vulnerabilities:
####################
2.1. Injection Flaws, Cross Site Scripting (XSS). SQL Injection in "/ansFAQ.asp" in "id" parameter. Reflected XSS attack in "/ansFAQ.asp" in "topic" and "button" parameters.
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "preview.asp" in "template_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Information Leakage. Database path disclosure in "/cms/include/trigger.asp" and/or "/cms/include/common2.asp".
2.3.1. Exploit:
4. Select the Version link, which is displayed on the right side of
the top of the page.
5. The Client Build version is displayed in a pop-up window.
There is currently no fixed version for the WBS 25-based WebEx
meeting service. This section of the Security Advisory will be
updated when fixed version information is available.
For the WBS 23 version:
Servers that run WBS 23-based WebEx meeting service display version
Next Page>>
|
