Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state then drops by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

 

Current Alerts

Adobe

Adobe Digital Editions transmitted your license and reading habit information in clear text. They've taken heat over both the clear text transmission and the amount of data they collect. They've published an update that corrects the clear text issue.

More info.

Network

Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping requests.

More info

IBM

There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6 and 7, which affect IBM Data Studio Web Console.

More info.

SAP

A remote attacker can conduct a denial of service attack against SAProuter, or affect its control flow, without authorization.

More info.

Cisco

A vulnerability in the Ethernet Connectivity Fault Management (CFM) handling code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

More info.

HP

Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

More info.

SuSE

A number of security patches have been released by SuSE, including fixes for a remote DoS attack on the Linux kernel using SCTP and another DoS caused by a network race condition.

More info.

 

OpenSuSE as well.

More info.

IBM

Tivoli Integrated Portal (TIP) has been identified as having a cross-site scripting security vulnerability in some TIP URLs.

More info.

 

A debug port is opened that a remote attacker could connect to during the IBM Security AppScan Source installation and uninstallation process.

More info.

 

Spring Framework may be prone to multiple XML External Entity injection vulnerabilities and may be vulnerable to cross-site scripting issues when using Spring MVC.

More info.

 

IBM Algo One is affected by multiple Open Source Tomcat security vulnerabilities.

More info.

F5

F5 is reporting that a flaw in the DTLS SRTP extension parsing code allows an attacker who sends a carefully crafted handshake message to cause OpenSSL to fail to free up to 64k of memory, causing a memory leak. This could be exploited in a denial of service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured.

More info.

VMware

VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.

More info.

Cisco

A 10-year-old TCP issue has been identified and fixed in Cisco Standalone rack server CIMC.

More info.

QuickTime

Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

More info.

 

 


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


 


 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/