cnvd - cnvd-2017-01880

CNVD-2017-01880

Vulnerability from cnvd - Published: 2017-02-24

Title

EMC RecoverPoint SSL Stripping安全绕过漏洞

Description

EMC RecoverPoint是一套灾难恢复和数据保护软件,EMC RecoverPoint for Virtual Machines（VMs）是一套面向VMware环境的灾难恢复解决方案。 EMC RecoverPoint SSL Stripping安全绕过漏洞。允许攻击者执行中间人攻击并获取访问到敏感信息的权限，导致进一步攻击。

Severity

中

Patch Name

EMC RecoverPoint SSL Stripping安全绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://store.emc.com/en-us/Solve-For/STORAGE-PRODUCTS/Dell-EMC-RecoverPoint/p/EMC-RecoverPoint?productCode=&fromPage=PVP

Reference

http://www.securityfocus.com/bid/96156

Impacted products

Name
['DELL EMC RecoverPoint for Virtual Machines 4.3.1.4', 'DELL EMC RecoverPoint for Virtual Machines 4.0', 'DELL EMC RecoverPoint 4.4.1.1', 'DELL EMC RecoverPoint 4.4.1.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96156"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6650",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6650"
    }
  },
  "description": "EMC RecoverPoint\u662f\u4e00\u5957\u707e\u96be\u6062\u590d\u548c\u6570\u636e\u4fdd\u62a4\u8f6f\u4ef6,EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u8bbf\u95ee\u5230\u654f\u611f\u4fe1\u606f\u7684\u6743\u9650\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Mike Erman, Jack Baker and Joshua Burbrink from Northrop Grumman",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://store.emc.com/en-us/Solve-For/STORAGE-PRODUCTS/Dell-EMC-RecoverPoint/p/EMC-RecoverPoint?productCode=\u0026fromPage=PVP",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01880",
  "openTime": "2017-02-24",
  "patchDescription": "EMC RecoverPoint\u662f\u4e00\u5957\u707e\u96be\u6062\u590d\u548c\u6570\u636e\u4fdd\u62a4\u8f6f\u4ef6,EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u83b7\u53d6\u8bbf\u95ee\u5230\u654f\u611f\u4fe1\u606f\u7684\u6743\u9650\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL EMC RecoverPoint for Virtual Machines 4.3.1.4",
      "DELL EMC RecoverPoint for Virtual Machines  4.0",
      "DELL EMC RecoverPoint 4.4.1.1",
      "DELL EMC RecoverPoint  4.4.1.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96156",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-17",
  "title": "EMC RecoverPoint SSL Stripping\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2016-6650 (GCVE-0-2016-6650)

Vulnerability from cvelistv5 – Published: 2017-03-21 16:00 – Updated: 2024-08-06 01:36

Summary

EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.

Severity ?

No CVSS data available.

CWE

SSL Stripping Vulnerability

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1038066	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/540303/30/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96156	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0	Affected: EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038066",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
          },
          {
            "name": "96156",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSL Stripping Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1038066",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
        },
        {
          "name": "96156",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-6650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSL Stripping Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038066",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038066"
            },
            {
              "name": "http://www.securityfocus.com/archive/1/540303/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
            },
            {
              "name": "96156",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-6650",
    "datePublished": "2017-03-21T16:00:00",
    "dateReserved": "2016-08-10T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-01880

CVE-2016-6650 (GCVE-0-2016-6650)

Tags

Sightings

Nomenclature