Vulnerability-Lookup

CNVD-2015-04979

Vulnerability from cnvd - Published: 2015-07-28

Title

EMC Avamar Virtual Edition和EMC Avamar Server目录遍历漏洞

Description

EMC Avamar Virtual Edition是一套完全虚拟化的备份和恢复解决方案，EMC Avamar Server是其中的服务器端软件。 EMC Avamar Virtual Edition和EMC Avamar Server存在目录遍历漏洞，允许远程攻击者利用漏洞提交特殊的请求以WEB权限查看系统文件内容。

Severity

高

Patch Name

EMC Avamar Virtual Edition和EMC Avamar Server目录遍历漏洞的补丁

Patch Description

EMC Avamar Virtual Edition是一套完全虚拟化的备份和恢复解决方案，EMC Avamar Server是其中的服务器端软件。EMC Avamar Virtual Edition和EMC Avamar Server存在目录遍历漏洞，允许远程攻击者利用漏洞提交特殊的请求以WEB权限查看系统文件内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.emc.com/

Reference

http://www.securityfocus.com/archive/1/536060

Impacted products

Name
['EMC Avamar Server 7.x(<7.1.2)', 'EMC Avamar Virtual Addition (AVE) 7.x(<7.1.2)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75997"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4527"
    }
  },
  "description": "EMC Avamar Virtual Edition\u662f\u4e00\u5957\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u89e3\u51b3\u65b9\u6848\uff0cEMC Avamar Server\u662f\u5176\u4e2d\u7684\u670d\u52a1\u5668\u7aef\u8f6f\u4ef6\u3002\r\n\r\nEMC Avamar Virtual Edition\u548cEMC Avamar Server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4ee5WEB\u6743\u9650\u67e5\u770b\u7cfb\u7edf\u6587\u4ef6\u5185\u5bb9\u3002",
  "discovererName": "EMC",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04979",
  "openTime": "2015-07-28",
  "patchDescription": "EMC Avamar Virtual Edition\u662f\u4e00\u5957\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u89e3\u51b3\u65b9\u6848\uff0cEMC Avamar Server\u662f\u5176\u4e2d\u7684\u670d\u52a1\u5668\u7aef\u8f6f\u4ef6\u3002EMC Avamar Virtual Edition\u548cEMC Avamar Server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4ee5WEB\u6743\u9650\u67e5\u770b\u7cfb\u7edf\u6587\u4ef6\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Avamar Virtual Edition\u548cEMC Avamar Server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Avamar Server 7.x(\u003c7.1.2)",
      "EMC Avamar Virtual Addition (AVE) 7.x(\u003c7.1.2)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/archive/1/536060",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-24",
  "title": "EMC Avamar Virtual Edition\u548cEMC Avamar Server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

CVE-2015-4527 (GCVE-0-2015-4527)

Vulnerability from cvelistv5 – Published: 2015-07-23 14:00 – Updated: 2024-08-06 06:18

Summary

Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://seclists.org/bugtraq/2015/Jul/110	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1033026	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/110"
          },
          {
            "name": "1033026",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-08-14T16:57:05",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/110"
        },
        {
          "name": "1033026",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033026"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4527",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/110"
            },
            {
              "name": "1033026",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033026"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4527",
    "datePublished": "2015-07-23T14:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-04979

CVE-2015-4527 (GCVE-0-2015-4527)

Tags

Sightings

Nomenclature