Alert Details

Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat.  An increase in alert state will occur immediately upon detection of a new threat, and the state will drop again by one level each working day.  The rationale is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product.  It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      

Current Alerts

Firefox

Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can gain elevated privileges. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system.
More info.

RedHat has updated.  More info.
CentOS has updated.  More info.
Oracle Linux has updated.  More info.
Ubuntu has updated.  More info.

UPDATE:
Debian has updated iceweasel.  More info.
Ubuntu also updated Thunderbird and Oxide.   More info.

HP

A potential security vulnerability has been identified with HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition Software including Device Manager and Hitachi Automation Director (HAD). The vulnerability could be remotely exploited resulting in Server-Side Request Forgery (SSRF).

More info.

Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
More info.

Blue Coat

Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability.  A remote man-in-the-middle (MITM) attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM attacker can read and modify the data encrypted in the intercepted SSH connections.  Multiple products are affected, but only Mail Threat Defense has a fix.
More info.

Blue Coat products that include vulnerable versions of OpenSSH and enable X11 forwarding are susceptible to a command injection vulnerability due to insufficient input data sanitization.  An authenticated remote attacker can exploit this vulnerability to bypass intended command restrictions enforced by a restricted shell or the target's SSH configuration.  The attacker can also execute arbitrary commands.  No fixes yet.
More info.

Apache

Apache Subversion has been updated to fix two security vulnerabilities, including a remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check.

More info.

Cisco

A vulnerability in the default configuration of the XML parser component of Cisco Information Server (CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service (DoS) condition on a targeted system.
More info.

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.  No fix for this one yet.
More info.

A vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.
More info.

A vulnerability in the application programming interface (API) of Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to create false system notifications for administrators.
More info.

Chrome

The stable channel has been updated to 50.0.2661.94 for Windows, Mac, and Linux with 9 security fixes.
More info.

OpenSSL

The OpenSSL project team has pre-announced the release of OpenSSL versions 1.0.2h, 1.0.1t. These releases will be made available on 3rd May 2016 and will fix several security defects with maximum severity "high".
More info.

PHP

PHP has released updates containing at least two security fixes.

More info here and here.


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send your suggestions to [email address protected].

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/