CVE-2017-1766
CVSS: 4.0
Published: 2018-03-30 12:29:00
Revised: 2018-04-24 08:15:59
NMPS    

[Original] Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.


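[CNNVD] CNNVD data is not yet available.


[Machine translation] Translation not yet available.

- CVSS (Base Score)

CVSS score: 4 [MEDIUM]
Confidentiality impact: NONE [No impact on the confidentiality of the system]
Integrity impact: PARTIAL [System files may be modified]
Availability impact: NONE [No impact on system availability]
Attack complexity: LOW [No access restrictions on exploiting the vulnerability]
Attack vector: NETWORK [The attacker does not need intranet or local access]
Authentication: SINGLE_INSTANCE [--]

- CWE (Weakness Category)

CWE-285 [Improper Authorization]

- CPE (Affected Platforms and Products)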

cpe:/a:ibm:business_process_manager:8.5.5.0::~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.5.0::~~express~~~
cpe:/a:ibm:business_process_manager:8.5.5.0::~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.6.0::~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.6.0::~~express~~~
cpe:/a:ibm:business_process_manager:8.5.6.0::~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.6.0:cf2:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.6.0:cf2:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.6.0:cf2:~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.6.1::~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.6.1::~~express~~~
cpe:/a:ibm:business_process_manager:8.5.6.1::~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.6.2::~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.6.2::~~express~~~
cpe:/a:ibm:business_process_manager:8.5.6.2::~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0::~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0::~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0::~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201606:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201606:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201606:~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201609:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201609:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201609:~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201612:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201612:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201612:~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201703:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201703:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201703:~~standard~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201706:~~advanced~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201706:~~express~~~
cpe:/a:ibm:business_process_manager:8.5.7.0:cf201706:~~standard~~~
cpe:/a:ibm:business_process_manager:8.6.0.0::~~express~~~
cpe:/a:ibm:business_process_manager:8.6.0.0:cf201712:~~express~~~

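- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1766
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1766
(Official data source) NVD

- Other Links and Resources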

http://www.ibm.com/support/docview.wss?uid=swg22011866
(VENDOR_ADVISORY)  CONFIRM  http://www.ibm.com/support/docview.wss?uid=swg22011866
https://exchange.xforce.ibmcloud.com/vulnerabilities/136151
(VENDOR_ADVISORY)  MISC  https://exchange.xforce.ibmcloud.com/vulnerabilities/136151

- Vulnerability Information (F145770)

Yawcam 0.6.0 Directory Traversal (PacketStormID:F145770)
2018-01-09 00:00:00
David Panter  
exploit
CVE-2017-17662

Yawcam versions 0.2.6 through 0.6.0 suffer from a directory traversal vulnerability.

Directory traversal vulnerability in Yawcam webcam server
=========================================================

Overview
--------
Affected Versions: Yawcam 0.2.6 through 0.6.0
Patched Versions: Yawcam 0.6.1
Vendor: Yawcam
Vendor URL: http://www.yawcam.com
CVE: CVE-2017-17662
Credit: David Panter, Global Relay CSOC
Status: Public
Public disclosure URL: http://www.yawcam.com/news.php

Summary
-------
By sending a specially crafted HTTP GET request a remote attacker can read arbitrary files on the target computer under the privileges of the Yawcam software or service.

Product Description
-------------------
Yawcam is a free webcam software with an integrated HTTP server and wide variety of features.

Severity Rating: High

Vulnerability description
-------------------------
The Yawcam HTTP server contains a directory traversal vulnerability that allows an attacker to read arbitrary files through a sequence in the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ for example '.\./', '....\/' or '...\./'.

For files with no extension a single dot needs to be appended to ensure the HTTP server does not alter the request.

POC
---
By sending the following string to the Yawcam HTTP server we can read the hosts file from the target machine:
"GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts."

Timeline
--------
2017-12-12  Vulnerability discovered
2017-12-13  Vendor contacted
2017-12-13  CVE ID assigned
2017-12-15  Vendor reply
2017-12-18  Fixed version released
2017-12-18  Vendor disclosed vulnerability
    

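- Vulnerability Information

Asterisk CVE-2017-17664 Remote Denial of Service Vulnerability
Class: Boundary Condition Error
Bugtraq ID: 102201
Remote: Yes
Local: No
Published: 2017-12-13 12:00:00
Updated: 2017-12-13 12:00:00
Credit: Tzafrir Cohen and Vitezslav Novy.

- Affected Program Versions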

Asterisk Open Source 15.1.3
Asterisk Open Source 15.1.1
Asterisk Open Source 15.1
Asterisk Open Source 14.7.3
Asterisk Open Source 14.7.1
Asterisk Open Source 14.6.1
Asterisk Open Source 14.4
Asterisk Open Source 14.3.1
Asterisk Open Source 14.2.1
Asterisk Open Source 14.2
Asterisk Open Source 13.18.3
Asterisk Open Source 13.18.1
Asterisk Open Source 13.17.1
Asterisk Open Source 13.15
Asterisk Open Source 13.14.1
Asterisk Open Source 13.13.1
Asterisk Open Source 13.13
Asterisk Open Source 13.12
Asterisk Open Source 15.1.2
Asterisk Open Source 14.7.2
Asterisk Open Source 14.0
Asterisk Open Source 13.18.2
Asterisk Open Source 13.0
Asterisk Certified Asterisk 13.13-cert8
Asterisk Certified Asterisk 13.13-cert7
Asterisk Certified Asterisk 13.13-cert6
Asterisk Certified Asterisk 13.13-cert5
Asterisk Certified Asterisk 13.13-cert4
Asterisk Certified Asterisk 13.13-cert3
Asterisk Certified Asterisk 13.13

- Unaffected Program Versions

Asterisk Open Source 15.1.4
Asterisk Open Source 14.7.4
Asterisk Open Source 13.18.4
Asterisk Certified Asterisk 13.13-cert9

- Vulnerability Discussion

Asterisk is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application resulting in denial-of-service conditions.

The following Asterisk products and versions are vulnerable:

Asterisk Open Source 13.18.2 and prior.
Asterisk Open Source 13.x prior to 13.18.4
Asterisk Open Source 14.x prior to 14.7.4
Asterisk Open Source 15.x before 15.1.4
Certified Asterisk prior to 13.13-cert9.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
