KB Article #179735
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2011
List of possible security vulnerabilities reported against SecureTransport and corresponding analysis based on Axway's research.
NOTE: This KB lists only the vulnerabilities tagged with the year 2011. For CVEs from other years, refer to the following articles:
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2018
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2017
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2016
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2015
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2014
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2013
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2012
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2010
⇒ Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2009 and earlier
Additional lists of security vulnerabilities reported against the SecureTransport application without formal CVE/CWE identifiers, or against ST appliance platforms, can be found at:
- Security vulnerabilities reported against SecureTransport, without formal CVE or CWE identifier
- Security vulnerabilities reported against ST appliances
CVE Reference | CVSS v2 Base Score | Attack Vector | Version Reported | Version Fixed | KB Article |
CVE-2011-0633 | 4.3 | Network | 5.2.1 SP4 | 5.2.1 SP5 | - |
Added: N/A | Last modified: N/A
Fixed with an update of the affected Perl modules in ST 5.2.1 SP5.

CVE-2011-3607 | 4.4 | Local | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
This is not applicable as remote users cannot access the

CVE-2011-3389 | 4.9 | Network | N/A | N/A | KB150803, KB161287 |
Added: N/A | Last modified: N/A
This issue is suspected to be caused by a recent Microsoft KB (KB2585542), which was released to address the BEAST attack.
The nature of the fix is to disable support for ciphers that were deemed vulnerable to this attack. However, ST mainly uses such ciphers, which might be the cause of the problem.

CVE-2011-3192 | 7.8 | Network | 5.1 SP2 | 5.1 SP2 Patch 11 | KB72181 |
Added: N/A | Last modified: N/A
The workaround provided in KB72181 does not apply to Windows.
Apply Patch 11 (or SecureTransport 5.1 SP3) instead.

CVE-2011-2262 | 5.0 | Network | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
This is not applicable for ST as no one should have remote access to the database.

CVE-2011-2204 | 1.9 | Local | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
This issue is not applicable for ST as we do not use

CVE-2011-1473 | 5.0 | Network | 5.1 | N/A | KB160267 |
Added: N/A | Last modified: N/A
This issue is not applicable for ST.

CVE-2011-0534 | 5.0 | Network | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
This issue is not applicable for ST. The Apache server receives the request and responds with "Request URI too large", and direct access to Tomcat is not possible.

CVE-2011-0419 | 4.3 | Network | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
By default

CVE-2011-0013 | 4.3 | Network | 5.1 | N/A | - |
Added: N/A | Last modified: N/A
This issue is not applicable for ST 5.1 as the Tomcat HTML Manager Interface is not used by ST.