CVE-2015-0009
published 2015-02-11CVE-2015-0009: The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1…
PriorityP425low3.3CVSS 2.0
AVAACLAuNCNIPAN
EXPLOIT
EPSS
8.07%
94.1th percentile
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qqjj-9hpp-gjjc: The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2
ghsa_unreviewed·2022-05-13
CVE-2015-0009 [LOW] GHSA-qqjj-9hpp-gjjc: The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
VMware
VMware vCenter Server updates address an important reflected cross-site scripting issue
vendor_vmware·2016-06-14·CVSS 6.1
CVE-2015-6931 [MEDIUM] VMware vCenter Server updates address an important reflected cross-site scripting issue
VMSA-2016-0009: VMware vCenter Server updates address an important reflected cross-site scripting issue
a. Important vCenter Server reflected cross-site scripting issue The vSphere Web Client contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker can exploit this issue by tricking a victim into clicking a malicious link. VMware would like to thank Matt Schmidt for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6931 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Replace with/ Apply Patch VMware ProductvCenter Server P
VMware
VMware product updates address a critical deserialization vulnerability
vendor_vmware·2015-12-18·CVSS 7.3
CVE-2015-6934 [HIGH] VMware product updates address a critical deserialization vulnerability
VMSA-2015-0009: VMware product updates address a critical deserialization vulnerability
3.a Commons-collections deserialization vulnerability A deserialization vulnerability involving Apache Commons-collections and a specially constructed chain of classes exists. Successful exploitation could result in remote code execution, with the permissions of the application using the Commons-collections library. VMware would like to thank Jacob Baines of Tenable Network Security for reporting that the vRealize Operations appliance is affected. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6934 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMw
No detection rules found.
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
blogs_talos·2015-02-10·CVSS 6.8
[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
## Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.
## Bulletins Rated Critical MS15-009, MS15-010, and MS15-011 are rated Critical.
MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilitie
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
blogs_talos·2015-02-10·CVSS 6.8
[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.
### Bulletins Rated CriticalMS15-009, MS15-010, and MS15-011 are rated Critical.
MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilities that could result in remote code execution. A couple ASLR bypasses, pr
Bugzilla
CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009)
bugzilla·2015-01-28·CVSS 6.8
CVE-2015-1493 [MEDIUM] CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009)
CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009)
Upstream reports:
Parameter "file" passed to scripts serving JS was not always cleaned from including "../" in the path, allowing to read files located outside of moodle directory. All OS are affected but especially vulnerable are Windows servers
Reported by: Emiel Florijn
Issue no.: MDL-48980
Workaround: Prevent access to URLs containing "../" or "..\" in web server configuration
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980
Discussion:
Created moodle tracking bugs for this issue:
Affects: fedora-all [bug 1190119]
---
Upstream reference: https://moodle.org/mod/forum/discuss.php?d=279956
---
Mitigation:
Prevent access to URLs contai
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspxhttp://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.htmlhttp://www.securityfocus.com/bid/72476http://www.securitytracker.com/id/1031722https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-014http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspxhttp://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.htmlhttp://www.securityfocus.com/bid/72476http://www.securitytracker.com/id/1031722https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-014
2015-02-11
Published