Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 09, 2008 Updated: April 09, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 30, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 30, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 30, 2008
Not Affected
Intoto iGateway Firewall ships with UPnP feature, however it is disabled by default. Network administrator has to specifically enable this feature from management interface in order to make it operational. iGateway Firewall also has capability to set filters for source of UPnP messages, allowing only trusted machine's messages to be received and processed.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 21, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: June 30, 2008
Affected
Some of NEC products are affected by this vulnerability. For more details see http://www.nec.co.jp/security-info/secinfo/nv08-006.html
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 30, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 16, 2008
Unknown
Openwall GNU/*/Linux is not affected.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 21, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 21, 2008
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 16, 2008
Not Affected
TippingPoint devices do not ship with UPnP.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: February 25, 2008 Updated: July 22, 2008
Unknown
The security advisory described in CERT advisory http://www.kb.cert.org/vuls/id/347812 appears to stem from the ability of the Flash ActionScript platform to modify the content type header of HTTP requests made from that platform to other IP addresses. The demonstrated exploit to UPNP seems to be just one of many interactions that the ActionScript platform could cause based on note security problem when accessing services both in and outside the home. The UPnP Forum recommends that Adobe Flash users update to at least the Flash Player 9 April 2008 Security Update to protect their network systems from this and other potential attacks. The UPnP forum recommends that manufacturers support a security solution in their products for critical service methods. The UPnP forum standardized an access control solution in November 2003 that was designed to be used for this purpose, but to date has not be adopted by manufacturers. A complementary short-term solution is for manufacturers to use a non-fixed URL for their service URLBase values, so that they may not be predicted by such attacks. The UPnP forum is committed to providing value for consumers and the industry. As a result, we continue to actively work with the industry on security solutions that can be adopted in home environments. Per normal security practice, the UPnP forum recommends also that users change the default passwords on my product to protect against other non-UPnP attacks and that users follow the appropriate security precautions for their computer platforms.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2008 Updated: January 15, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.