VAR-201505-0189
Vulnerability from variot - Updated: 2025-04-13 23:09Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. The Cisco Headend System Release is a front-end broadband digital transmission system. An attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. This issue is being tracked by Cisco bug ID CSCus44909
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "headend system release",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "headend system release",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "headend system release",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "headend system release",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "headend system release",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "3.7"
},
{
"model": "headend system release",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "i4.3"
},
{
"model": "headend digital broadband delivery system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "headend digital broadband delivery system",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "headend system release 3.7.i4.3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "headend system release i4.3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "headend system releases",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "BID",
"id": "74920"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:headend_digital_broadband_delivery_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:headend_system_release",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "74920"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0745",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0745",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-03565",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-78691",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0745",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0745",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-03565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-597",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78691",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "VULHUB",
"id": "VHN-78691"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. The Cisco Headend System Release is a front-end broadband digital transmission system. \nAn attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. \nThis issue is being tracked by Cisco bug ID CSCus44909",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0745"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "BID",
"id": "74920"
},
{
"db": "VULHUB",
"id": "VHN-78691"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0745",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032445",
"trust": 1.1
},
{
"db": "BID",
"id": "74920",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03565",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78691",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "VULHUB",
"id": "VHN-78691"
},
{
"db": "BID",
"id": "74920"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"id": "VAR-201505-0189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "VULHUB",
"id": "VHN-78691"
}
],
"trust": 1.2763547
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
}
]
},
"last_update_date": "2025-04-13T23:09:54.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38944",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38944"
},
{
"title": "Patch for Cisco Headend System Release Sensitive Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/59268"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78691"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38944"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032445"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0745"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0745"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "VULHUB",
"id": "VHN-78691"
},
{
"db": "BID",
"id": "74920"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"db": "VULHUB",
"id": "VHN-78691"
},
{
"db": "BID",
"id": "74920"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"date": "2015-05-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78691"
},
{
"date": "2015-05-29T00:00:00",
"db": "BID",
"id": "74920"
},
{
"date": "2015-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"date": "2015-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"date": "2015-05-30T14:59:03.833000",
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03565"
},
{
"date": "2017-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-78691"
},
{
"date": "2015-05-29T00:00:00",
"db": "BID",
"id": "74920"
},
{
"date": "2015-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002868"
},
{
"date": "2015-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-597"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-0745"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Headend System Release Vulnerable to reading temporary script files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-597"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…