Ciscoworks_common_management_foundation - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ciscoworks_common_management_foundation
(Cisco)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	6

Date	Id	Summary	Products	Score	Patch	Annotated
2004-11-23	CVE-2004-0112	The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.	Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Stonegate, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server	N/A
2004-11-23	CVE-2004-0079	The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.	Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Speed_technologies_litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Stonegate, Stonegate_vpn_client, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server	7.5
2004-11-23	CVE-2004-0081	OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.	Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Speed_technologies_litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Stonegate, Stonegate_vpn_client, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server	N/A
2005-05-31	CVE-2005-0356	Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.	Alaxala_networks, Agent_desktop, Aironet_ap1200, Aironet_ap350, Call_manager, Ciscoworks_1105_hosting_solution_engine, Ciscoworks_1105_wireless_lan_solution_engine, Ciscoworks_access_control_list_manager, Ciscoworks_cd1, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Ciscoworks_lms, Ciscoworks_vpn_security_management_solution, Ciscoworks_windows, Ciscoworks_windows_wug, Conference_connection, Content_services_switch_11000, Content_services_switch_11050, Content_services_switch_11150, Content_services_switch_11500, Content_services_switch_11501, Content_services_switch_11503, Content_services_switch_11506, Content_services_switch_11800, E\-Mail_manager, Emergency_responder, Intelligent_contact_manager, Interactive_voice_response, Ip_contact_center_enterprise, Ip_contact_center_express, Meetingplace, Mgx_8230, Mgx_8250, Personal_assistant, Remote_monitoring_suite_option, Secure_access_control_server, Sn_5420_storage_router, Sn_5420_storage_router_firmware, Sn_5428_storage_router, Support_tools, Unity_server, Web_collaboration_option, Webns, Tmos, Freebsd, Alaxala, Gr3000, Gr4000, Gs4000, Windows_2000, Windows_2003_server, Windows_xp, 7220_wlan_access_point, 7250_wlan_access_point, Business_communications_manager, Callpilot, Contact_center, Ethernet_routing_switch_1612, Ethernet_routing_switch_1624, Ethernet_routing_switch_1648, Optical_metro_5000, Optical_metro_5100, Optical_metro_5200, Succession_communication_server_1000, Survivable_remote_gateway, Universal_signaling_point, Openbsd, Rt105, Rt250i, Rt300i, Rt57i, Rtv700, Rtx1000, Rtx1100, Rtx1500, Rtx2000	N/A
2003-10-20	CVE-2003-0732	CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.	Ciscoworks_cd1, Ciscoworks_common_management_foundation, Resource_manager, Resource_manager_essentials	N/A
2003-10-20	CVE-2003-0731	CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.	Ciscoworks_cd1, Ciscoworks_common_management_foundation, Resource_manager, Resource_manager_essentials	N/A