cnvd - cnvd-2015-07301

CNVD-2015-07301

Vulnerability from cnvd - Published: 2015-11-05

Title

TIBCO Spotfire Server信息泄露漏洞（CNVD-2015-07301）

Description

TIBCO Spotfire Server是美国TIBCO软件公司的基于TIBCO Spotfire（数据分析和挖掘工具）的为企业提供整合、运行和管理的平台。 TIBCO Spotfire Server 5.5.4之前的5.5.x版本，6.0.5之前的6.0.x版本，6.5.4之前的 6.5.x版本，7.0.1之前的7.0.x版本，Spotfire Analytics Platform for AWS Marketplace 7.0.2 之前的版本，存在信息泄露漏洞。允许远程攻击者，通过访问未指定的URL，获得敏感的日志信息。

Severity

中

Patch Name

TIBCO Spotfire Server信息泄露漏洞（CNVD-2015-07301）的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.tibco.com/mk/advisory.jsp

Reference

http://www.tibco.com/mk/advisory.jsp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5713

Impacted products

Name
['TIBCO Spotfire Server 5.5.x(<5.5.4)', 'TIBCO Spotfire Server 6.0.x(<6.0.5)', 'TIBCO Spotfire Server 6.5.x(<6.5.4)', 'TIBCO Spotfire Server <7.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5713"
    }
  },
  "description": "TIBCO Spotfire Server\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u57fa\u4e8eTIBCO Spotfire\uff08\u6570\u636e\u5206\u6790\u548c\u6316\u6398\u5de5\u5177\uff09\u7684\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u6574\u5408\u3001\u8fd0\u884c\u548c\u7ba1\u7406\u7684\u5e73\u53f0\u3002\r\n\r\nTIBCO Spotfire Server 5.5.4\u4e4b\u524d\u76845.5.x\u7248\u672c\uff0c6.0.5\u4e4b\u524d\u76846.0.x\u7248\u672c\uff0c6.5.4\u4e4b\u524d\u7684 6.5.x\u7248\u672c\uff0c7.0.1\u4e4b\u524d\u76847.0.x\u7248\u672c\uff0cSpotfire Analytics Platform for AWS Marketplace 7.0.2 \u4e4b\u524d\u7684\u7248\u672c\uff0c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\uff0c\u901a\u8fc7\u8bbf\u95ee\u672a\u6307\u5b9a\u7684URL\uff0c\u83b7\u5f97\u654f\u611f\u7684\u65e5\u5fd7\u4fe1\u606f\u3002",
  "discovererName": "TIBCO",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.tibco.com/mk/advisory.jsp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07301",
  "openTime": "2015-11-05",
  "patchDescription": "TIBCO Spotfire Server\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u57fa\u4e8eTIBCO Spotfire\uff08\u6570\u636e\u5206\u6790\u548c\u6316\u6398\u5de5\u5177\uff09\u7684\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u6574\u5408\u3001\u8fd0\u884c\u548c\u7ba1\u7406\u7684\u5e73\u53f0\u3002\r\nTIBCO Spotfire Server 5.5.4\u4e4b\u524d\u76845.5.x\u7248\u672c\uff0c6.0.5\u4e4b\u524d\u76846.0.x\u7248\u672c\uff0c6.5.4\u4e4b\u524d\u7684 6.5.x\u7248\u672c\uff0c7.0.1\u4e4b\u524d\u76847.0.x\u7248\u672c\uff0cSpotfire Analytics Platform for AWS Marketplace 7.0.2 \u4e4b\u524d\u7684\u7248\u672c\uff0c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\uff0c\u901a\u8fc7\u8bbf\u95ee\u672a\u6307\u5b9a\u7684URL\uff0c\u83b7\u5f97\u654f\u611f\u7684\u65e5\u5fd7\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TIBCO Spotfire Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07301\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TIBCO Spotfire Server 5.5.x(\u003c5.5.4)",
      "TIBCO Spotfire Server  6.0.x(\u003c6.0.5)",
      "TIBCO Spotfire Server  6.5.x(\u003c6.5.4)",
      "TIBCO Spotfire Server  \u003c7.0.2"
    ]
  },
  "referenceLink": "http://www.tibco.com/mk/advisory.jsp\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5713",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-30",
  "title": "TIBCO Spotfire Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07301\uff09"
}

CVE-2015-5713 (GCVE-0-2015-5713)

Vulnerability from cvelistv5 – Published: 2015-10-28 10:00 – Updated: 2024-08-06 06:59

Summary

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id/1034011	vdb-entryx_refsource_SECTRACK
	http://www.tibco.com/mk/advisory.jsp	x_refsource_CONFIRM
	http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:04.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034011",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034011"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/mk/advisory.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034011",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034011"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/mk/advisory.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034011",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034011"
            },
            {
              "name": "http://www.tibco.com/mk/advisory.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5713",
    "datePublished": "2015-10-28T10:00:00",
    "dateReserved": "2015-08-02T00:00:00",
    "dateUpdated": "2024-08-06T06:59:04.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-07301

CVE-2015-5713 (GCVE-0-2015-5713)

Tags

Sightings

Nomenclature