CVE-2005-2076
CVSS 2.1
Published: 2005-06-29 00:00:00
Modified: 2011-03-07 21:23:21

[Original] HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.


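[CNNVD] HP VCRM Proxy Server Password Disclosure Vulnerability (CNNVD-200506-231)

        HP Version Control Repository Manager (VCRM) versions before 2.1.1.730 do not properly handle the "@" character in a proxy server password; an attacker with physical access can obtain part of the password when the ? character is displayed on screen.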

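- CVSS (Base Score)

CVSS score: 2.1 [Minor (LOW)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)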

cpe:/a:hp:version_control_repository_manager:2.1.1.710 HP Version Control Repository Manager 2.1.1.7.10
cpe:/a:hp:version_control_repository_manager:1.0.1288.1 HP Version Control Repository Manager 1.0.1288.1
cpe:/a:hp:version_control_repository_manager:1.0.2345.0 HP Version Control Repository Manager 1.0.2345.0
cpe:/a:hp:version_control_repository_manager:1.0.2289.0 HP Version Control Repository Manager 1.0.2289.0
cpe:/a:hp:version_control_repository_manager:2.0.1.30 HP Version Control Repository Manager 2.0.1.30
cpe:/a:hp:version_control_repository_manager:1.0.3085.0 HP Version Control Repository Manager 1.0.3085.0
cpe:/a:hp:version_control_repository_manager:2.0.0.50 HP Version Control Repository Manager 2.0.0.50
cpe:/a:hp:version_control_repository_manager:1.0.2241.0 HP Version Control Repository Manager 1.0.2241.0
cpe:/a:hp:version_control_repository_manager:2.1.1.720 HP Version Control Repository Manager 2.1.1.720
cpe:/a:hp:version_control_repository_manager:1.0.3086.0 HP Version Control Repository Manager 1.0.3086.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2076
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2076
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-231
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/14032
(PATCH)  BID  14032
http://www.securityfocus.com/advisories/8734
(VENDOR_ADVISORY)  HP  SSRT5955
http://securitytracker.com/id?1014267
(PATCH)  SECTRACK  1014267
http://secunia.com/advisories/15790
(VENDOR_ADVISORY)  SECUNIA  15790
http://www.securityfocus.com/advisories/8734
(UNKNOWN)  HP  SSRT5955

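- Vulnerability Information

HP VCRM Proxy Server Password Disclosure Vulnerability
Low risk  Design error
2005-06-29 00:00:00 2005-10-20 00:00:00
Local
        HP Version Control Repository Manager (VCRM) versions before 2.1.1.730 do not properly handle the "@" character in a proxy server password; an attacker with physical access can obtain part of the password when the ? character is displayed on screen.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link: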
        HP Version Control Repository Manager
        HP Version Control Repository Manager 2.1.1.730
        http://h18023.www1.hp.com/support/files/server/us/download/22563.html

- Vulnerability Information

17509
HP VCRM Proxy Server Cleartext Password Disclosure
Cryptographic, Information Disclosure
Loss of Confidentiality

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-06-22 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.1.1.730 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
