cvelistv5 - cve-2017-5182

CVE-2017-5182 (GCVE-0-2017-5182)

Vulnerability from cvelistv5 – Published: 2017-01-23 15:00 – Updated: 2024-08-05 14:55

Summary

Severity ?

No CVSS data available.

CWE

unauthenticated directory traversal

Assigner

microfocus

References

URL

Tags

	https://www.novell.com/support/kb/doc.php?id=7018503	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037689	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/95743	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Micro Focus International	Open Enterprise Server	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
          },
          {
            "name": "1037689",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037689"
          },
          {
            "name": "95743",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95743"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Open Enterprise Server",
          "vendor": "Micro Focus International",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2017-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:47",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
        },
        {
          "name": "1037689",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037689"
        },
        {
          "name": "95743",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95743"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2017-5182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Open Enterprise Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus International"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7018503",
              "refsource": "CONFIRM",
              "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
            },
            {
              "name": "1037689",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037689"
            },
            {
              "name": "95743",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95743"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2017-5182",
    "datePublished": "2017-01-23T15:00:00",
    "dateReserved": "2017-01-06T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"82A92EAA-F64B-4DFE-8471-151ACE7A84EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"F7B0F432-2442-48D7-941C-EA5BF417D891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"2510A39F-B565-4060-8B20-3A3A9EB510A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).\"}, {\"lang\": \"es\", \"value\": \"Remote Manager en Open Enterprise Server (OES) permite a atacantes remotos no autenticados leer cualquier archivo arbitrario, a trav\\u00e9s de una URL especialmente manipulada, que permite un salto de directorio completo y una divulgaci\\u00f3n total de informaci\\u00f3n. Esta vulnerabilidad esta presente en todas las versiones de OES para linux, it applies to OES2015 SP1 en versiones anteriores a Maintenance Update 11080, OES2015 en versiones anteriores a Maintenance Update 11079, OES11 SP3 en versiones anteriores a Maintenance Update 11078, OES11 SP2 en versiones anteriores a Maintenance Update 11077).\"}]",
      "id": "CVE-2017-5182",
      "lastModified": "2024-11-21T03:27:13.067",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-23T15:59:00.137",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95743\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037689\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7018503\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://www.securityfocus.com/bid/95743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7018503\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}, {\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5182\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2017-01-23T15:59:00.137\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).\"},{\"lang\":\"es\",\"value\":\"Remote Manager en Open Enterprise Server (OES) permite a atacantes remotos no autenticados leer cualquier archivo arbitrario, a trav\u00e9s de una URL especialmente manipulada, que permite un salto de directorio completo y una divulgaci\u00f3n total de informaci\u00f3n. Esta vulnerabilidad esta presente en todas las versiones de OES para linux, it applies to OES2015 SP1 en versiones anteriores a Maintenance Update 11080, OES2015 en versiones anteriores a Maintenance Update 11079, OES11 SP3 en versiones anteriores a Maintenance Update 11078, OES11 SP2 en versiones anteriores a Maintenance Update 11077).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"82A92EAA-F64B-4DFE-8471-151ACE7A84EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"F7B0F432-2442-48D7-941C-EA5BF417D891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"2510A39F-B565-4060-8B20-3A3A9EB510A1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95743\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.securitytracker.com/id/1037689\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7018503\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.securityfocus.com/bid/95743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7018503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2017-5182

Vulnerability from fkie_nvd - Published: 2017-01-23 15:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@opentext.com	http://www.securityfocus.com/bid/95743
	security@opentext.com	http://www.securitytracker.com/id/1037689
	security@opentext.com	https://www.novell.com/support/kb/doc.php?id=7018503
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95743
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037689
	af854a3a-2127-422b-91ae-364da2661108	https://www.novell.com/support/kb/doc.php?id=7018503

Impacted products

Vendor	Product	Version
novell	open_enterprise_server	2.0
novell	open_enterprise_server	2015
novell	open_enterprise_server	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "82A92EAA-F64B-4DFE-8471-151ACE7A84EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "F7B0F432-2442-48D7-941C-EA5BF417D891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "2510A39F-B565-4060-8B20-3A3A9EB510A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
    },
    {
      "lang": "es",
      "value": "Remote Manager en Open Enterprise Server (OES) permite a atacantes remotos no autenticados leer cualquier archivo arbitrario, a trav\u00e9s de una URL especialmente manipulada, que permite un salto de directorio completo y una divulgaci\u00f3n total de informaci\u00f3n. Esta vulnerabilidad esta presente en todas las versiones de OES para linux, it applies to OES2015 SP1 en versiones anteriores a Maintenance Update 11080, OES2015 en versiones anteriores a Maintenance Update 11079, OES11 SP3 en versiones anteriores a Maintenance Update 11078, OES11 SP2 en versiones anteriores a Maintenance Update 11077)."
    }
  ],
  "id": "CVE-2017-5182",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-23T15:59:00.137",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/95743"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securitytracker.com/id/1037689"
    },
    {
      "source": "security@opentext.com",
      "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201701-0688

Vulnerability from variot - Updated: 2023-12-18 13:29

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc., which provides network services, file and print services, and network management functions. Novell OpenEnterpriseServer has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0688",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "open enterprise server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "open enterprise server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "open enterprise server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "novell",
        "version": "2015"
      },
      {
        "model": "open enterprise server (oes linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "novell",
        "version": "2015)2015"
      },
      {
        "model": "open enterprise server (oes linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "novell",
        "version": "2)2"
      },
      {
        "model": "open enterprise server (oes linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "novell",
        "version": "11)11"
      },
      {
        "model": "open enterprise server",
        "scope": null,
        "trust": 0.8,
        "vendor": "microfocus",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "BID",
        "id": "95743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Illinois Department of Innovation \u0026 Technology, Division of Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "95743"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5182",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-5182",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-01095",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-5182",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-5182",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-01095",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-245",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc., which provides network services, file and print services, and network management functions. Novell OpenEnterpriseServer has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "BID",
        "id": "95743"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5182",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "95743",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1037689",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "BID",
        "id": "95743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "id": "VAR-201701-0688",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:26.366000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Micro Focus Open Enterprise Server directory traversal vulnerability CVE-2017-5182",
        "trust": 0.8,
        "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
      },
      {
        "title": "NovellOpenEnterpriseServer directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/88791"
      },
      {
        "title": "Micro Focus OES Remote Manager Fixes for path traversal vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110354"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/95743"
      },
      {
        "trust": 1.9,
        "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1037689"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5182"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5182"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "BID",
        "id": "95743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "db": "BID",
        "id": "95743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "date": "2017-01-20T00:00:00",
        "db": "BID",
        "id": "95743"
      },
      {
        "date": "2017-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "date": "2017-01-23T15:59:00.137000",
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01095"
      },
      {
        "date": "2017-02-02T04:01:00",
        "db": "BID",
        "id": "95743"
      },
      {
        "date": "2017-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      },
      {
        "date": "2023-11-07T02:49:19.643000",
        "db": "NVD",
        "id": "CVE-2017-5182"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux for  Open Enterprise Server of  Remote Manager Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001356"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-245"
      }
    ],
    "trust": 0.6
  }
}

GHSA-5FP2-P67M-GRX9

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).",
  "id": "GHSA-5fp2-p67m-grx9",
  "modified": "2022-05-13T01:28:15Z",
  "published": "2022-05-13T01:28:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5182"
    },
    {
      "type": "WEB",
      "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95743"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-01095

Vulnerability from cnvd - Published: 2017-02-08

Title

Novell Open Enterprise Server目录遍历漏洞

Description

Novell Open Enterprise Server（OES）是美国Novell公司的一款企业级服务器，它提供了网络服务、文件和打印服务以及网络管理功能。 Novell Open Enterprise Server存在目录遍历漏洞，该漏洞源于未能充分验证用户输入。远程攻击者可利用该漏洞使用目录遍历字符（‘.../’）访问包含敏感信息的任意文件，发动进一步攻击。

Severity

高

Patch Name

Novell Open Enterprise Server目录遍历漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.novell.com/home/

Reference

http://www.securityfocus.com/bid/95743

Impacted products

Name
['Novell Open Enterprise Server (OES 2015) 2015 Linux', 'Novell Open Enterprise Server (OES 2) 2 Linux', 'Novell Open Enterprise Server (OES 11) 11 Linux']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95743"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5182",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5182"
    }
  },
  "description": "Novell Open Enterprise Server\uff08OES\uff09\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u670d\u52a1\u5668\uff0c\u5b83\u63d0\u4f9b\u4e86\u7f51\u7edc\u670d\u52a1\u3001\u6587\u4ef6\u548c\u6253\u5370\u670d\u52a1\u4ee5\u53ca\u7f51\u7edc\u7ba1\u7406\u529f\u80fd\u3002\r\n\r\nNovell Open Enterprise Server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u76ee\u5f55\u904d\u5386\u5b57\u7b26\uff08\u2018.../\u2019\uff09\u8bbf\u95ee\u5305\u542b\u654f\u611f\u4fe1\u606f\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Illinois Department of Innovation \u0026 Technology, Division of Information Security",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.novell.com/home/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01095",
  "openTime": "2017-02-08",
  "patchDescription": "Novell Open Enterprise Server\uff08OES\uff09\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u670d\u52a1\u5668\uff0c\u5b83\u63d0\u4f9b\u4e86\u7f51\u7edc\u670d\u52a1\u3001\u6587\u4ef6\u548c\u6253\u5370\u670d\u52a1\u4ee5\u53ca\u7f51\u7edc\u7ba1\u7406\u529f\u80fd\u3002\r\n\r\nNovell Open Enterprise Server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u76ee\u5f55\u904d\u5386\u5b57\u7b26\uff08\u2018.../\u2019\uff09\u8bbf\u95ee\u5305\u542b\u654f\u611f\u4fe1\u606f\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Novell Open Enterprise Server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Novell Open Enterprise Server (OES 2015) 2015 Linux",
      "Novell Open Enterprise Server (OES 2) 2 Linux",
      "Novell Open Enterprise Server (OES 11) 11 Linux"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95743",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-25",
  "title": "Novell Open Enterprise Server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

GSD-2017-5182

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-5182

Aliases

CVE-2017-5182

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5182",
    "description": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).",
    "id": "GSD-2017-5182",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-5182.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5182"
      ],
      "details": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).",
      "id": "GSD-2017-5182",
      "modified": "2023-12-13T01:21:14.177757Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2017-5182",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Open Enterprise Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Micro Focus International"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unauthenticated directory traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.novell.com/support/kb/doc.php?id=7018503",
            "refsource": "CONFIRM",
            "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
          },
          {
            "name": "1037689",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037689"
          },
          {
            "name": "95743",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95743"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2017-5182"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                },
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.novell.com/support/kb/doc.php?id=7018503",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
            },
            {
              "name": "95743",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95743"
            },
            {
              "name": "1037689",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037689"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-02-24T14:15Z",
      "publishedDate": "2017-01-23T15:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5182 (GCVE-0-2017-5182)

FKIE_CVE-2017-5182

VAR-201701-0688

GHSA-5FP2-P67M-GRX9

CNVD-2017-01095

GSD-2017-5182

Tags

Sightings

Nomenclature