cnvd - cnvd-2016-02167

CNVD-2016-02167

Vulnerability from cnvd - Published: 2016-04-13

Title

Apache Jetspeed User Manager未授权操作漏洞

Description

Apache Jetspeed是美国阿帕奇（Apache）软件基金会的一套使用Java和XML开发的开放门户平台和企业信息门户网站。User Manager service是其中的一个用户管理服务。 Apache Jetspeed 2.3.1之前版本的User Manager服务中存在未授权操作漏洞，该漏洞源于程序未能正确限制使用Jetspeed Security的访问权限。远程攻击者可借助REST API利用该漏洞添加、编辑或删除用户。

Severity

中

Patch Name

Apache Jetspeed User Manager未授权操作漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171

Reference

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171 http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E

Impacted products

Name
Apache Jetspeed <2.3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2171"
    }
  },
  "description": "Apache Jetspeed\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528Java\u548cXML\u5f00\u53d1\u7684\u5f00\u653e\u95e8\u6237\u5e73\u53f0\u548c\u4f01\u4e1a\u4fe1\u606f\u95e8\u6237\u7f51\u7ad9\u3002User Manager service\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u6237\u7ba1\u7406\u670d\u52a1\u3002\r\n\r\nApache Jetspeed 2.3.1\u4e4b\u524d\u7248\u672c\u7684User Manager\u670d\u52a1\u4e2d\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236\u4f7f\u7528Jetspeed Security\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9REST API\u5229\u7528\u8be5\u6f0f\u6d1e\u6dfb\u52a0\u3001\u7f16\u8f91\u6216\u5220\u9664\u7528\u6237\u3002",
  "discovererName": "Andreas Lindh",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02167",
  "openTime": "2016-04-13",
  "patchDescription": "Apache Jetspeed\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528Java\u548cXML\u5f00\u53d1\u7684\u5f00\u653e\u95e8\u6237\u5e73\u53f0\u548c\u4f01\u4e1a\u4fe1\u606f\u95e8\u6237\u7f51\u7ad9\u3002User Manager service\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u6237\u7ba1\u7406\u670d\u52a1\u3002\r\n\r\nApache Jetspeed 2.3.1\u4e4b\u524d\u7248\u672c\u7684User Manager\u670d\u52a1\u4e2d\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236\u4f7f\u7528Jetspeed Security\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9REST API\u5229\u7528\u8be5\u6f0f\u6d1e\u6dfb\u52a0\u3001\u7f16\u8f91\u6216\u5220\u9664\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Jetspeed User Manager\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Jetspeed \u003c2.3.1"
  },
  "referenceLink": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and\r\nhttps://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171\r\nhttp://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-12",
  "title": "Apache Jetspeed User Manager\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e"
}

CVE-2016-2171 (GCVE-0-2016-2171)

Vulnerability from cvelistv5 – Published: 2016-04-11 14:00 – Updated: 2024-08-05 23:17

Summary

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://portals.apache.org/jetspeed-2/security-re…	x_refsource_CONFIRM
	http://mail-archives.apache.org/mod_mbox/portals-…	mailing-listx_refsource_MLIST
	http://haxx.ml/post/140552592371/remote-code-exec…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171"
          },
          {
            "name": "[portals-jetspeed-user] 20160329 [CVE-2016-2171] Jetspeed User Manager REST service not restricted by Jetspeed Security",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-11T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171"
        },
        {
          "name": "[portals-jetspeed-user] 20160329 [CVE-2016-2171] Jetspeed User Manager REST service not restricted by Jetspeed Security",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-2171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171",
              "refsource": "CONFIRM",
              "url": "https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171"
            },
            {
              "name": "[portals-jetspeed-user] 20160329 [CVE-2016-2171] Jetspeed User Manager REST service not restricted by Jetspeed Security",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E"
            },
            {
              "name": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and",
              "refsource": "MISC",
              "url": "http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2171",
    "datePublished": "2016-04-11T14:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-02167

CVE-2016-2171 (GCVE-0-2016-2171)

Tags

Sightings

Nomenclature