Potential Security Impact: Incomplete update installation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Windows on systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM). The vulnerability may result in the incomplete installation of OpenSSL updates, including security updates.
References: none
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) on Windows systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02560536
Version: 1
HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-25
Last Updated: 2010-10-25
CVE Number: CVE-2007-6349
Reference: http://www.securityfocus.com/bid/26806
Overview:
- From wikipedia: "Perforce is a commercial Revision Control (RC)
system. It is developed by Perforce Software, Inc. and was founded
in 1995 by Christopher Seiwald. The Perforce system is based on a
client/server model with the server managing the collection of
source versions in one or more depots. The server software runs on
the Unix, Mac OS X, or Microsoft Windows operating systems.
Vendor description:
-------------------
MyDMS is an open-source, web-based document management system (DMS)
written in PHP with a database backend. Originally coded by Markus
Westphal, MyDMS provides document meta-data, version control, security
and easy access to your documents.
source: http://sourceforge.net/projects/mydms/
exploited by malicious people to bypass certain security restrictions.
Background
==========
ViewVC is a browser interface for CVS and Subversion version control
repositories.
Affected packages
=================
exploited by malicious people to bypass certain security restrictions.
Background
==========
ViewVC is a browser interface for CVS and Subversion version control
repositories.
Affected packages
=================
exploited by malicious people to bypass certain security restrictions.
Background
==========
ViewVC is a browser interface for CVS and Subversion version control
repositories.
Affected packages
=================
Where: Remote
======================================================================
3) Vendor's Description of Software
"ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable
directory, revision, and change log listings. It can display specific
versions of files as well as diffs between those versions.".
Product Link:
