Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3389 (06/03/2021)

1 new signature:

MEDIUMHTTP:XSTREAM-CVE-2020-26529-AFDHTTP: XStream Library CVE-2020-26259 Arbitrary File Deletion

1 updated signature:

HIGHHTTP:STC:ACTIVEX:QTPLUGINXHTTP: Apple Quicktime QTPlugin.ocx ActiveX Control


Details of the signatures included within this bulletin:

HTTP:STC:ACTIVEX:QTPLUGINX - HTTP: Apple Quicktime QTPlugin.ocx ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in Apple QuickTime. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2012-3754
  • bugtraq: 27769
  • bugtraq: 42841
  • bugtraq: 53577
  • cve: CVE-2012-0666
  • cve: CVE-2008-0778
  • cve: CVE-2010-1818

Affected Products:

  • Apple quicktime 7.1.6
  • Apple quicktime 6.3.0
  • Apple quicktime 7.6.9
  • Apple quicktime 7.69.80.9
  • Apple quicktime 7.2.1
  • Apple quicktime 4.1.2
  • Apple quicktime 6.4.0
  • Apple quicktime 7.5.5
  • Apple quicktime 6.2.0
  • Apple quicktime 7.1.1
  • Apple quicktime 3.0
  • Apple quicktime 7.1.2
  • Apple quicktime 7.1.3
  • Apple quicktime 7.68.75.0
  • Apple quicktime 5.0.2
  • Apple quicktime 6.5.1
  • Apple quicktime 7.3.0
  • Apple quicktime 7.3.1.70
  • Apple quicktime 6.5.0
  • Apple quicktime 7.6.8
  • Apple quicktime 7.65.17.80
  • Apple quicktime 7.0.3
  • Apple quicktime 7.6.7
  • Apple quicktime 7.3.1
  • Apple quicktime 6.5.2
  • Apple quicktime 6.0.0
  • Apple quicktime 7.6.6
  • Apple quicktime 7.67.75.0
  • Apple quicktime 7.60.92.0
  • Apple quicktime 6.5
  • Apple quicktime 7.7.0
  • Apple quicktime 7.4.5
  • Apple quicktime 7.0.4
  • Apple quicktime 7.2.0
  • Apple quicktime 7.5.0
  • Apple quicktime 5.0.1
  • Apple quicktime 7.66.71.0
  • Apple quicktime 7.64.17.73
  • Apple quicktime 7.1.0
  • Apple quicktime 7.0.1
  • Apple quicktime 6.0.2
  • Apple quicktime 6.1
  • Apple quicktime 7.1
  • Apple quicktime 7.6.2
  • Apple quicktime 6.1.0
  • Apple quicktime 7.6.5
  • Apple quicktime 7.0
  • Apple quicktime 7.6.1
  • Apple quicktime 6.1.1
  • Apple quicktime 7.4.1
  • Apple quicktime 6.0.1
  • Apple quicktime 7.3
  • Apple quicktime 7.6.0
  • Apple quicktime 7.4.0
  • Apple quicktime 7.2
  • Apple quicktime 7.0.0
  • Apple quicktime 7.1.4
  • Apple quicktime 6.0
  • Apple quicktime 7.1.5
  • Apple quicktime 7.0.2
  • Apple quicktime 7.4
  • Apple quicktime 7.62.14.0
  • Apple quicktime 5.0
  • Apple quicktime 7.7.1

HTTP:XSTREAM-CVE-2020-26529-AFD - HTTP: XStream Library CVE-2020-26259 Arbitrary File Deletion

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against XStream Library. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2020-26259

Affected Products:

  • Debian debian_linux 10.0
  • Debian debian_linux 9.0
  • Xstream_project xstream
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out