-
Notifications
You must be signed in to change notification settings - Fork 121
/
oval_org.cisecurity_def_8876.xml
45 lines (45 loc) · 2.89 KB
/
oval_org.cisecurity_def_8876.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8876" version="1">
<metadata>
<title>Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.</title>
<affected family="windows">
<platform>Microsoft Windows 7</platform>
<platform>Microsoft Windows 8</platform>
<platform>Microsoft Windows 8.1</platform>
<platform>Microsoft Windows 10</platform>
<platform>Microsoft Windows Server 2008</platform>
<platform>Microsoft Windows Server 2008 R2</platform>
<platform>Microsoft Windows Server 2012</platform>
<platform>Microsoft Windows Server 2012 R2</platform>
<platform>Microsoft Windows Server 2016</platform>
<platform>Microsoft Windows Server 2019</platform>
<product>Mozilla Firefox ESR</product>
<product>Mozilla Thunderbird</product>
<product>Mozilla Firefox</product>
</affected>
<reference ref_id="CVE-2021-29946" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946" source="CVE" />
<description>Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.</description>
<oval_repository>
<dates>
<submitted date="2021-07-14T02:59:00+00:00">
<contributor organization="GFI">Glenn Lugod</contributor>
</submitted>
</dates>
<status>INITIAL SUBMISSION</status>
<min_schema_version>5.10</min_schema_version>
</oval_repository>
</metadata>
<criteria operator="OR">
<criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
<criterion comment="Check if Mozilla Firefox ESR version is less than 78.10" test_ref="oval:org.cisecurity:tst:20287" />
</criteria>
<criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
<criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.10" test_ref="oval:org.cisecurity:tst:20270" />
</criteria>
<criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
<criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20281" />
</criteria>
</criteria>
</definition>