December 21, 2005
Symantec NetRecon 3.6 Security Update 27

Description

Download Security Update 27 Release Notes (PDF)

Use the LiveUpdate feature of Symantec NetRecon 3.6 to download the security update.

Symantec NetRecon 3.6 Security Update 27 (SU 27) detects and reports 117 new vulnerabilities.


New vulnerabilities

ID	Vulnerability name
4057	Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4056	Apache 2 for Windows php.exe Path Disclosure Vulnerability
2503	Apache Artificially Long Slash Path Directory Listing Vulnerability
14660	Apache CGI Byterange Request Denial of Service Vulnerability
9921	Apache Connection Blocking Denial Of Service Vulnerability
4358	Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4437	Apache Error Message Cross-Site Scripting Vulnerability
9874	Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
5992	Apache HTDigest Insecure Temporary File Vulnerability
13537	Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
13778	Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
8707	Apache htpasswd Password Entropy Weakness
13777	Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
14106	Apache HTTP Request Smuggling Vulnerability
3796	Apache HTTP Request Unexpected Behavior Vulnerability
1548	Apache Jakarta-Tomcat /admin Context Vulnerability
3176	Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10212	Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11185	Apache Mod_DAV LOCK Denial Of Service Vulnerability
9571	Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11471	Apache mod_include Local Buffer Overflow Vulnerability
9471	Apache mod_perl Module File Descriptor Leakage Vulnerability
6117	Apache mod_php File Descriptor Leakage Vulnerability
9599	Apache mod_php Global Variables Information Disclosure Weakness
9302	Apache mod_php Module File Descriptor Leakage Vulnerability
10508	Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
14366	Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11154	Apache mod_ssl Remote Denial of Service Vulnerability
12877	Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10355	Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
11360	Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
14721	Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10789	Apache mod_userdir Module Information Disclosure Vulnerability
3521	Apache mod_usertrack Predictable ID Generation Vulnerability
3790	Apache Non-Existent Log Directory Denial Of Service Vulnerability
3009	Apache Possible Directory Index Disclosure Vulnerability
4431	Apache PrintEnv/Test_CGI Script Injection Vulnerability
11239	Apache Satisfy Directive Access Control Bypass Vulnerability
3169	Apache Server Address Disclosure Vulnerability
3596	Apache Split-Logfile File Append Vulnerability
2518	Apache Tomcat 3.0 Directory Traversal Vulnerability
1531	Apache Tomcat 3.1 Path Revealing Vulnerability
5194	Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
13756	Apache Tomcat Java Security Manager Bypass Vulnerability
8824	Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
12795	Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
15325	Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
1532	Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
12308	Apache Utilities Insecure Temporary File Creation Vulnerability
2216	Apache Web Server DoS Vulnerability
6320	Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
8725	Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
3542	Cisco Access Control List Fragment Keyword Ignored Vulnerability
53	Cisco Access List Vulnerability
8290	Cisco Aironet AP1x00 Malformed HTTP GET Denial Of Service Vulnerability
8292	Cisco Aironet Telnet Service User Account Enumeration Weakness
6059	Cisco AS5350 Universal Gateway Portscan Denial Of Service Vulnerability
10186	Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
4947	Cisco IOS 12.1 Large TCP Scan Denial of Service Vulnerability
14092	Cisco IOS AAA RADIUS Authentication Bypass Vulnerability
10560	Cisco IOS Border Gateway Protocol Denial Of Service Vulnerability
12370	Cisco IOS Border Gateway Protocol Processing Remote Denial Of Service Vulnerability
11649	Cisco IOS DHCP Input Queue Blocking Denial Of Service Vulnerability
13031	Cisco IOS Easy VPN Server XAUTH Authentication Bypass Vulnerability
14770	Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability
14414	Cisco IOS IPv6 Processing Arbitrary Code Execution Vulnerability
12368	Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerability
12369	Cisco IOS Multi Protocol Label Switching Remote Denial Of Service Vulnerability
10971	Cisco IOS OSPF Remote Denial Of Service Vulnerability
13042	Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability
13043	Cisco IOS Secure Shell Server V2 Remote Denial Of Service Vulnerability
15275	Cisco IOS System Timers Heap Buffer Overflow Exploitation
13033	Cisco IOS Unauthorized Security Association Establishment Vulnerability
15401	Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
4948	Cisco Malformed HSRP Traffic Denial of Service Vulnerability
4132	Cisco Malformed SNMP Message Denial of Service Vulnerabilities
6358	Cisco OSM Line Cards Denial Of Service Vulnerability
690	Cisco PIX and CBAC Fragmentation Attack
4949	Cisco Spoofed HSRP Loopback Denial Of Service Vulnerability
5041	Cisco uBR7200 / uBR7100 Universal Broadband Routers DOCSIS MIC Bypass Vulnerability
5030	Cisco View-based Access Control MIB SNMP Walk Read-Write Password Revealing Vulnerability
3199	Jakarta Tomcat Error Message Information Disclosure Vulnerability
15067	Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
15063	Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
15827	Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability
15061	Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
15823	Microsoft Internet Explorer Dialog Manipulation Vulnerability
15825	Microsoft Internet Explorer HTTPS Proxy Information Disclosure Vulnerability
13799	Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability
15057	Microsoft MSDTC COM+ Remote Code Execution Vulnerability
15058	Microsoft MSDTC TIP Denial Of Service Vulnerability
15059	Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
14594	Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
15826	Microsoft Windows Asynchronous Procedure Call Local Privilege Escalation Vulnerability
15066	Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
15064	Microsoft Windows Explorer Web View Script Injection Vulnerability
12160	Microsoft Windows FTP Client Directory Traversal Vulnerability
12834	Microsoft Windows Graphical Device Interface Library Denial Of Service Vulnerability
15356	Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
15352	Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability
15070	Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
15069	Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
15056	Microsoft Windows MSDTC Memory Corruption Vulnerability
14260	Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
15065	Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
9406	Multiple Vendor H.323 Protocol Implementation Vulnerabilities
9804	Multiple Vendor HTTP Response Splitting Vulnerability
13873	Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
986	Multiple Vendor SNMP World Writeable Community Vulnerability
6408	Multiple Vendor SSH2 Implementation Empty Elements / Multiple Separator Vulnerabilities
6405	Multiple Vendor SSH2 Implementation Incorrect Field Length Vulnerabilities
6410	Multiple Vendor SSH2 Implementation Null Character Handling Vulnerabilities
2682	Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
2527	Multiple Vendor URL JSP Request Source Code Disclosure Vulnerability
2300	NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
8970	OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability
14620	PCRE Regular Expression Heap Overflow Vulnerability
2344	PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
1294	TACACS+ Protocol Flaws Vulnerabilities

For vulnerability details, download the Security Update 27 Release Notes (PDF).


Initial Post on: Wednesday, 21-Dec-05 16:00:00
Last modified on: Thursday, 22-Dec-05 00:06:37