Skip to main content
Support

KB Article #179737

Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2010

List of possible security vulnerabilities reported against SecureTransport and corresponding analysis based on Axway's research.


NOTE: This KB lists only the vulnerabilities, tagged with the year 2010. For CVEs from other years, refer to the following articles:
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2018
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2017
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2016
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2015
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2014
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2013
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2012
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2011
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2009 and earlier


Additional lists of security vulnerabilities reported against SecureTransport application without formal CVE/CWE identifiers or against ST appliance platforms can be found at :



CVE Reference CVSS v2 Base Score Attack Vector Version Reported Version Fixed KB Article
CVE-2010-4411 4.3 Network 5.2.1 SP4 5.2.1 SP5 -
Added: N/A Last modified: N/A

Fixed with an update of the affected Perl modules in ST 5.2.1 SP5.

CVE-2010-4410 4.3 Network 5.2.1 SP4 5.2.1 SP5 -
Added: N/A Last modified: N/A

Fixed with an update of the affected Perl modules in ST 5.2.1 SP5.

CVE-2010-2761 4.3 Network 5.2.1 SP4 5.2.1 SP5 -
Added: N/A Last modified: N/A

Fixed with an update of the affected Perl modules in ST 5.2.1 SP5.

CVE-2010-2253 6.8 Network 5.2.1 SP4 5.2.1 SP5 -
Added: N/A Last modified: N/A

Fixed with an update of the affected Perl modules in ST 5.2.1 SP5.

CVE-2010-4172 4.3 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST 5.1 as sessionsList.jsp and sessionDetail.jsp are not deployed and thus are not used.

CVE-2010-5298 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

Not vulnerable. Mode SSL_MODE_RELEASE_BUFFERS is not enabled.

CVE-2010-3840 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as the function PolyFromWKB is not used.

CVE-2010-3839 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users cannot execute arbitrary code and ST does not execute prepared statements/stored procedures with the described behaviour.

CVE-2010-3838 5.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable because ST does not use such queries.

CVE-2010-3837 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as such prepared statements are not used.

CVE-2010-3835 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users cannot execute arbitrary code.

CVE-2010-3834 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users cannot execute arbitrary code.

CVE-2010-3833 5.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST. Remote users cannot execute arbitrary code and ST does not use the described scenario.

CVE-2010-3718 1.2 Local 5.1 N/A -
Added: N/A Last modified: N/A

This issue is not applicable for ST as users cannot plug in custom applications.

CVE-2010-3683 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This issue is not applicable for ST.

CVE-2010-3682 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST. Remote users cannot execute EXPLAIN.

CVE-2010-3681 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users cannot use the HANDLER interface.

CVE-2010-3680 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users should not be able to execute arbitrary code.

CVE-2010-3679 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users should not have access to the database.

CVE-2010-3678 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as the WITH ROLLUP modifier is not used.

CVE-2010-3677 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as there are no SET columns.

CVE-2010-3676 4.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote users cannot execute DDL statements.

CVE-2010-2227 6.4 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST.

CVE-2010-2068 5.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

The module mod_proxy_http is not enabled by default by ST but comes as part of the Apache distribution.

CVE-2010-2008 3.5 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST. Remote users cannot alter the db tables.

CVE-2010-1850 6.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST. Remote users cannot execute arbitrary code.

CVE-2010-1849 5.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST as remote access to the database is not allowed.

CVE-2010-1848 6.5 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST because direct access to the database is not allowed.

CVE-2010-1626 3.6 Local 5.1 N/A -
Added: N/A Last modified: N/A

Not applicable for ST. We use MyISAM only for the table st_version.

CVE-2010-1623 5.0 Network 5.1 N/A< -
Added: N/A Last modified: N/A

This is not applicable for ST 5.1.

CVE-2010-1621 5.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

This issue is not applicable for ST as mysql and mysql plugins cannot be installed remotely.

CVE-2010-1157 2.6 Network 5.1 N/A -
Added: N/A Last modified: N/A

This is not applicable for ST. Admin UI does not use basic authentication. When using basic authentication for end user UI the server name and port are not sent.

CVE-2010-0434 4.3 Network 5.1 N/A -
Added: N/A Last modified: N/A

ST uses multithreaded MPMs only for the Admin ui on Windows. In all other cases are use non-threaded MPMs (the vulnerability is for multithreaded MPMs).

CVE-2010-0425 10.0 Network 5.1 N/A -
Added: N/A Last modified: N/A

The module mod_isapi is not enabled by default by ST but comes as part of the Apache distribution.

CVE-2010-0408 5.0 Network 4.9.2 SP2 N/A -
Added: N/A Last modified: N/A

Not applicable for ST. ST comes with neither mod_proxy_ajp nor mod_proxy enabled.