CVE-2004-0533
CVSS2.1
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:38:40
NMCOS    

[原文]Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.


[CNNVD]Business Objects WebIntelligence访问控制绕过文件删除漏洞(CNNVD-200412-912)

        Business Objects WebIntelligence 2.7.0版本到2.7.4版本只加强客户端的访问控制,远程认证用户可以借助制作的使用InfoView web客户端的删除请求在服务器上删除任意文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:businessobjects:webintelligence:2.7.3businessobjects WebIntelligence 2.7.3
cpe:/a:businessobjects:infoview:5.1.8businessobjects InfoView 5.1.8
cpe:/a:businessobjects:webintelligence:2.7.4businessobjects WebIntelligence 2.7.4
cpe:/a:businessobjects:infoview:5.1.6businessobjects InfoView 5.1.6
cpe:/a:businessobjects:infoview:5.1.4businessobjects InfoView 5.1.4
cpe:/a:businessobjects:webintelligence:2.7.1businessobjects WebIntelligence 2.7.1
cpe:/a:businessobjects:webintelligence:2.7.2businessobjects WebIntelligence 2.7.2
cpe:/a:businessobjects:infoview:5.1.5businessobjects InfoView 5.1.5
cpe:/a:businessobjects:webintelligence:2.7businessobjects WebIntelligence 2.7
cpe:/a:businessobjects:infoview:5.1.7businessobjects InfoView 5.1.7

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0533
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0533
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-912
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/17422
(PATCH)  XF  webintelligence-url-delete-files(17422)
http://www.securityfocus.com/bid/11208
(UNKNOWN)  BID  11208
http://secunia.com/advisories/12587/
(VENDOR_ADVISORY)  SECUNIA  12587
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html
(VENDOR_ADVISORY)  FULLDISC  20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html
(VENDOR_ADVISORY)  VULNWATCH  20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue

- 漏洞信息

Business Objects WebIntelligence访问控制绕过文件删除漏洞
低危 访问验证错误
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        Business Objects WebIntelligence 2.7.0版本到2.7.4版本只加强客户端的访问控制,远程认证用户可以借助制作的使用InfoView web客户端的删除请求在服务器上删除任意文件。

- 公告与补丁

        The vendor has released patches dealing with this issue. Users are recommended to contact the vendor for patch and update availability.

- 漏洞信息

10016
Business Objects WebIntelligence Restriction Bypass Arbitrary Document Deletion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

WebIntelligence contains a flaw that may allow a malicious user to delete arbitrary documents. The issue is triggered when authennticated user without delete permission accesses specially crafted URL containing docuement ID and name. It is possible that the flaw may allow document deletion resulting in a loss of integrity.

- 时间线

2004-09-17 2004-05-20
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patches to address this vulnerability. WebIntelligence 2.7.0 - 2.7.2 & InfoView 5.1.4 - 5.1.6 (SP4-SP6) Upgrade to SP7 or SP8 and apply available patches WebIntelligence 2.7.3 & InfoView 5.1.7 (SP7) Download the update for Windows, Windows JP,Sun, AIX, & HP (CSP860) WebIntelligence 2.7.4 & InfoView 5.1.8 (SP8) Download the update for Windows, Windows JP,Sun, AIX, & HP (CSP864)

- 相关参考

- 漏洞作者

- 漏洞信息

Business Objects WebIntelligence Access Control Bypass File Deletion Vulnerability
Access Validation Error 11208
Yes No
2004-09-17 12:00:00 2009-07-12 07:06:00
Discovery of this issue is credited to Corsaire Limited.

- 受影响的程序版本

Business Objects WebIntelligence 2.7.4
Business Objects WebIntelligence 2.7.3
Business Objects WebIntelligence 2.7.2
Business Objects WebIntelligence 2.7.1
Business Objects WebIntelligence 2.7
Business Objects InfoView 5.1.8
Business Objects InfoView 5.1.7
Business Objects InfoView 5.1.6
Business Objects InfoView 5.1.5
Business Objects InfoView 5.1.4

- 漏洞讨论

It is reported that WebIntelligence is susceptible to an access control bypass vulnerability allowing for the deletion of files from the application.

This vulnerability is reported to exist as access controls are only enforced on the client. The server fails to enforce access control restriction and allows delete requests to succeed when they are not authorized.

Only authenticated users are able to exploit this vulnerability.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

The vendor has released patches dealing with this issue. Users are recommended to contact the vendor for patch and update availability.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站