CVE-2002-0107
CVSS5.0
发布时间 :2002-03-25 00:00:00
修订时间 :2016-10-17 22:16:14
NMCOE    

[原文]Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.


[CNNVD]Cacheflow CacheOS WEB管理接口任意缓冲页面代码泄露漏洞(CNNVD-200203-081)

        
        CacheOS是CacheFlow web缓冲系统设计和发行的固件,由CacheFlow维护。
        CacheOS存在一个开放8081端口的WEB管理接口,其中存在访问验证漏洞,发送特殊请求可以导致远程用户获得部分缓冲的页面。
        当远程用户通过WEB管理接口8081端口进行连接的时候,提交HTTP标准请求给系统,由Cacheserver管理的信息会防止用户访问。但是如果远程用户连接系统并多次发送没有任何HTTP版本类型的请求(如HTTP/1.0或者HTTP/1.1),可导致Cache服务程序泄露部分信息给连接用户,导致敏感信息如用户名、密码等泄露给攻击者。
        通过这些敏感信息可以使攻击者进一步对系统进行攻击。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:cacheflow:cacheos:4.0.13
cpe:/a:cacheflow:cacheos:0.0
cpe:/a:cacheflow:cacheos:3.1.20
cpe:/a:cacheflow:cacheos:3.1.10
cpe:/a:cacheflow:cacheos:3.1.02
cpe:/a:cacheflow:cacheos:3.1.13
cpe:/a:cacheflow:cacheos:3.1.03
cpe:/a:cacheflow:cacheos:3.1.14
cpe:/a:cacheflow:cacheos:3.1.11
cpe:/a:cacheflow:cacheos:3.1.12
cpe:/a:cacheflow:cacheos:3.1.06
cpe:/a:cacheflow:cacheos:3.1.17
cpe:/a:cacheflow:cacheos:3.1.07
cpe:/a:cacheflow:cacheos:3.1.18
cpe:/a:cacheflow:cacheos:3.1.04
cpe:/a:cacheflow:cacheos:3.1.15
cpe:/a:cacheflow:cacheos:3.1.05
cpe:/a:cacheflow:cacheos:3.1.16
cpe:/a:cacheflow:cacheos:3.1.08
cpe:/a:cacheflow:cacheos:3.1.19
cpe:/a:cacheflow:cacheos:3.1.09
cpe:/a:cacheflow:cacheos:4.0.11
cpe:/a:cacheflow:cacheos:4.0.12

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0107
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0107
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-081
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101052887431488&w=2
(UNKNOWN)  BUGTRAQ  20020108 svindel.net security advisory - web admin vulnerability in CacheOS
http://online.securityfocus.com/archive/1/254167
(VENDOR_ADVISORY)  BUGTRAQ  20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
http://www.iss.net/security_center/static/7835.php
(VENDOR_ADVISORY)  XF  cachos-insecure-web-interface(7835)
http://www.securityfocus.com/bid/3841
(VENDOR_ADVISORY)  BID  3841

- 漏洞信息

Cacheflow CacheOS WEB管理接口任意缓冲页面代码泄露漏洞
中危 未知
2002-03-25 00:00:00 2005-05-02 00:00:00
远程  
        
        CacheOS是CacheFlow web缓冲系统设计和发行的固件,由CacheFlow维护。
        CacheOS存在一个开放8081端口的WEB管理接口,其中存在访问验证漏洞,发送特殊请求可以导致远程用户获得部分缓冲的页面。
        当远程用户通过WEB管理接口8081端口进行连接的时候,提交HTTP标准请求给系统,由Cacheserver管理的信息会防止用户访问。但是如果远程用户连接系统并多次发送没有任何HTTP版本类型的请求(如HTTP/1.0或者HTTP/1.1),可导致Cache服务程序泄露部分信息给连接用户,导致敏感信息如用户名、密码等泄露给攻击者。
        通过这些敏感信息可以使攻击者进一步对系统进行攻击。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 在防火墙上屏蔽外部网络对8081端口的访问,确认只有合法可信的用户能够访问。
        厂商补丁:
        CacheFlow
        ---------
        CacheFlow CacheOS 3.1.21和CacheFlow CacheOS 4.0.14已经修复了这个安全问题。
        3.xx的用户请升级到CacheFlow CacheOS 3.1.21:
        
        http://download.cacheflow.com

        4.xx的用户请升级到CacheFlow CacheOS 4.0.14:
        
        http://download.cacheflow.com

- 漏洞信息 (21212)

Cacheflow CacheOS 3.1/4.0 Web Administration Arbitrary Cached Page Code Leakage Vulnerability (EDBID:21212)
multiple remote
2002-01-08 Verified
0 Bjorn Djupvik
N/A [点击下载]
source: http://www.securityfocus.com/bid/3841/info

CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

When a user connects to the system via the web administration interface on port 8081, and issues an HTTP standard-compliant request to the system, the system will prevent the user from accessing any information managed by the cache server. However, a user connecting to the system and issuing a request without the HTTP version request type (i.e. HTTP/1.0 or HTTP/1.1) multiple times may gain access to sensitive information. The cache server will leak information such as parts of URLs being accessed by a client currently connected to the cache server.

This problem makes it possible for a user to gather information, and potentially gain access to passwords, userids, or other potentially sensitive information. 

localhost:~# telnet cacheflow 8081
Trying xxx.xxx.xxx.xxx...
Connected to cacheflow.
Escape character is '^]'.
GET /Secure/Local/console/cmhome.htm

HTTP/1.0 404-Not Found

<HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The
request
ed URL "/Secure/Local/console/cmhome.htm

Easp&o=0&sv=za5cb0d78&qid=E2BCA8F417ECE94DBDD27B75F951FFDA&uid=2c234acbec234
acbe
&sid=3c234acbec234acbe&ord=1" was not found on this
server.<P></BODY>Connection
closed by foreign host. 		

- 漏洞信息

2020
Cacheflow CacheOS Web Administration Arbitrary Cached Page Code Leakage

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-01-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站