CERTA-2005-AVI-330

Vulnerability from certfr_avis - Published: 2005-09-05 - Updated: 2005-09-05

Une vulnérabilité de type "traversée d'arborescence", découverte dans l'application 3Com Network Supervisor permet à un utilisateur mal intentionné, présent sur le réseau local, de porter atteinte à la confidentialité des données.

Description

3Com Network Supervisor et Director sont des outils d'administration réseau.

La vulnérabilité est causée par une erreur dans le traitement des requêtes HTTP destinées au serveur Web interne. Une personne malveillante peut, au moyen de requêtes HTTP malicieusement constituées, à destination du 21700/tcp, porter atteinte à la confidentialité des donnée hors de la racine du serveur web.

Solution

Se référer à la section Documentation pour l'obtention des correctifs.

None
Impacted products
Vendor Product Description
N/A N/A 3Com Network Supervisor 5.x.
N/A N/A 3Com Network Director 2.x ;
N/A N/A 3Com Network Director 1.x ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "3Com Network Supervisor 5.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "3Com Network Director 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "3Com Network Director 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n3Com Network Supervisor et Director sont des outils d\u0027administration\nr\u00e9seau.\n\nLa vuln\u00e9rabilit\u00e9 est caus\u00e9e par une erreur dans le traitement des\nrequ\u00eates HTTP destin\u00e9es au serveur Web interne. Une personne\nmalveillante peut, au moyen de requ\u00eates HTTP malicieusement constitu\u00e9es,\n\u00e0 destination du 21700/tcp, porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9e hors de la racine du serveur web.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la section Documentation pour l\u0027obtention des correctifs.\n",
  "cves": [],
  "initial_release_date": "2005-09-05T00:00:00",
  "last_revision_date": "2005-09-05T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour ``3Com Network Director 1.0 Critical Update 1\u0027\u0027    pour version initiale et Service Pack 1 :",
      "url": "http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.exe"
    },
    {
      "title": "Site Internet de l\u0027\u00e9diteur :",
      "url": "http://www.3com.fr"
    },
    {
      "title": "Mise \u00e0 jour ``3Com Network Supervisor 5.1 Critical Update    1\u0027\u0027 :      http://support.3com.com/software/3Com_network_supervisor_v5_1_cu1.exe",
      "url": "http://support.3com.com/software/3Com_network_director_v5_1_cu1.exe"
    },
    {
      "title": "Mise \u00e0 jour ``3Com Network Director 1.0 Critical Update 1\u0027\u0027    pour Service Pack 2 \u0026 3 :",
      "url": "http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.exe"
    },
    {
      "title": "Mise \u00e0 jour ``3Com Network Director 2.0 Critical Update 1\u0027\u0027    :",
      "url": "http://support.3com.com/software/3Com_network_director_v2_0_cu1.exe"
    }
  ],
  "reference": "CERTA-2005-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type \"travers\u00e9e d\u0027arborescence\", d\u00e9couverte dans\nl\u0027application 3Com Network Supervisor permet \u00e0 un utilisateur mal\nintentionn\u00e9, pr\u00e9sent sur le r\u00e9seau local, de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de 3Com Network Supervisor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE #300 du 01 septembre 2005",
      "url": "http://www.idefense.com/application/poi/display?id=300"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.