FKIE_CVE-2011-4311

Vulnerability from fkie_nvd - Published: 2011-11-19 03:58 - Updated: 2025-04-11 00:51
Severity ?
Summary
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
References
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/11/13/2
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/11/14/3
secalert@redhat.comhttp://www.resourcespace.org/download.phpPatch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/11/13/2
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/11/14/3
af854a3a-2127-422b-91ae-364da2661108http://www.resourcespace.org/download.phpPatch
Impacted products
Vendor Product Version
montala resourcespace *
montala resourcespace 2.2.1240
montala resourcespace 2.3.1374
montala resourcespace 3.0.1490
montala resourcespace 3.1.1557
montala resourcespace 3.2.1651
montala resourcespace 3.3.1723
montala resourcespace 3.4.1794
montala resourcespace 3.5.1857
montala resourcespace 3.6.2022
montala resourcespace 3.7.2088
montala resourcespace 3.8.2144
montala resourcespace 3.9.2269
montala resourcespace 4.0.2429
montala resourcespace 4.1.2567
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38AE3CB-68EB-4912-A511-4A63E8E5A4A0",
              "versionEndIncluding": "4.2.2816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:2.2.1240:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AD45F5-445F-4FCB-956A-4CF9D5F40F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:2.3.1374:*:*:*:*:*:*:*",
              "matchCriteriaId": "957E93D7-8A99-4833-ACCF-B962F5230521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.0.1490:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31881B6-CDE6-4FD1-B478-9E68D12EF7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.1.1557:*:*:*:*:*:*:*",
              "matchCriteriaId": "D941F016-7159-40F1-9766-DD35BDAFF845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.2.1651:*:*:*:*:*:*:*",
              "matchCriteriaId": "94250016-6E5E-4E19-BD3C-582A0C4635DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.3.1723:*:*:*:*:*:*:*",
              "matchCriteriaId": "758FD1C3-386A-4023-9071-4D586B5CE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.4.1794:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D3EE93-8486-4160-9D48-AE5B59BA4249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.5.1857:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EAB3221-8A15-4C92-A43E-9122F067E9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.6.2022:*:*:*:*:*:*:*",
              "matchCriteriaId": "2450ACA2-D216-4AF1-9578-D602D4901AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.7.2088:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C86694B-12A0-4AA8-899D-F0990EA8C9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.8.2144:*:*:*:*:*:*:*",
              "matchCriteriaId": "638866F8-C485-4927-8034-1944779392AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:3.9.2269:*:*:*:*:*:*:*",
              "matchCriteriaId": "60685610-36EC-4388-904C-506A003C819A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:4.0.2429:*:*:*:*:*:*:*",
              "matchCriteriaId": "21AD3E99-4807-4568-B68F-A56B3B18547C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:montala:resourcespace:4.1.2567:*:*:*:*:*:*:*",
              "matchCriteriaId": "80269ABE-3407-46AF-A76B-C15893D08073",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "ResourceSpace antes de v4.02.2833 no valida correctamente las claves de acceso, lo que permite a atacantes remotos evitar las restricciones de los recursos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2011-4311",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-19T03:58:55.680",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/11/13/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/11/14/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.resourcespace.org/download.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/11/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/11/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.resourcespace.org/download.php"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.