http://www.dragonsoft.com.tw/epaper/
DragonSoft (Chinese/English) Vulnerability and Threat Knowledge Base:
http://vdb.dragonsoft.com/
Contents:
* 2 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2008/10/16
Name: Oracle Multiple Vulnerabilities-Oct 2008
Risk: High
CVSS Base Score: 10
Category: Oracle
Affect OS: Windows NT4, 2000, XP, 2003UNIX
Description (English): http://vdb.dragonsoft.com/detail.php?id=3387
Date Reported: 2008/10/16
Name: Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Risk: Medium
CVSS Base Score: 4.3
Category: Web Servers
Affect OS: UNIX
Description (English): http://vdb.dragonsoft.com/detail.php?id=3388
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent
of the DragonSoft Security Associates. If you wish to reprint the whole or any
part of this document in any other medium excluding electronic media, please email
alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise,
with regard to this information or its use. Any use of this information is at
the user's risk. In no event shall the author/distributor be held liable for any
damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft
vdb_adm@dragonsoft.com of DragonSoft Security Associates, Inc.
About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software
and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including
vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associates, Inc. http://www.dragonsoft.com/
Taipei: 9F, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235
Tel. +886-2-8221-5408 Fax. +886-2-8221-5476
Hsinchu: 5F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300
Tel. +886-3-5630989 Fax. +886-3-5797758