VAR-200907-0376
Vulnerability from variot - Updated: 2023-12-18 12:11The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. Sourcefire 3D Sensor and Defense Center are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to gain administrative access to the vulnerable device, which may aid in further attacks. Versions prior to the following are vulnerable: Sourcefire 3D Sensor 4.8.2 Sourcefire Defense Center 4.8.2. Although the user.cgi PERL script correctly verifies that the incoming request belongs to an authenticated session, in this case it is blindly granted read and write access without regard to the role of the originator of the request, so even users with the lowest access levels (such as Users who have not configured any roles) can also promote them to administrators and change other roles or account parameters at will. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Sourcefire 3D Sensor and Defense Center "user.cgi" Security Bypass
SECUNIA ADVISORY ID: SA35658
VERIFY ADVISORY: http://secunia.com/advisories/35658/
DESCRIPTION: Gregory Duchemin has reported a vulnerability in Sourcefire 3D Sensor and Sourcefire Defense Center, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to improper access restrictions while processing requests sent to the admin/user/user.cgi script. This can be exploited to e.g. gain administrative access to the appliance by sending a specially crafted POST request to the affected script.
NOTE: Other scripts are reportedly affected by similar errors.
SOLUTION: Update to firmware version 4.8.2.
PROVIDED AND/OR DISCOVERED BY: Gregory Duchemin
ORIGINAL ADVISORY: http://milw0rm.com/exploits/9074
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200907-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "defense center",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8.0.4"
},
{
"model": "defense center",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8"
},
{
"model": "3d sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8.0.3"
},
{
"model": "3d sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8.0.4"
},
{
"model": "defense center",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8.0.3"
},
{
"model": "3d sensor",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "4.8"
},
{
"model": "3d sensor",
"scope": "lte",
"trust": 1.0,
"vendor": "sourcefire",
"version": "4.8.1"
},
{
"model": "defense center",
"scope": "lte",
"trust": 1.0,
"vendor": "sourcefire",
"version": "4.8.1"
},
{
"model": "defense center",
"scope": "eq",
"trust": 0.9,
"vendor": "sourcefire",
"version": "4.8.1"
},
{
"model": "3d sensor",
"scope": "eq",
"trust": 0.9,
"vendor": "sourcefire",
"version": "4.8.1"
},
{
"model": "3d sensor",
"scope": "lt",
"trust": 0.8,
"vendor": "sourcefire",
"version": "4.8.2"
},
{
"model": "defense center",
"scope": null,
"trust": 0.8,
"vendor": "sourcefire",
"version": null
},
{
"model": "defense center",
"scope": "ne",
"trust": 0.3,
"vendor": "sourcefire",
"version": "4.8.2"
},
{
"model": "3d sensor",
"scope": "ne",
"trust": 0.3,
"vendor": "sourcefire",
"version": "4.8.2"
}
],
"sources": [
{
"db": "BID",
"id": "35553"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.8.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.8.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gregory Duchemin c3rb3r@hotmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-2344",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-39790",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2344",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200907-096",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-39790",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2009-2344",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. Sourcefire 3D Sensor and Defense Center are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to gain administrative access to the vulnerable device, which may aid in further attacks. \nVersions prior to the following are vulnerable:\nSourcefire 3D Sensor 4.8.2\nSourcefire Defense Center 4.8.2. Although the user.cgi PERL script correctly verifies that the incoming request belongs to an authenticated session, in this case it is blindly granted read and write access without regard to the role of the originator of the request, so even users with the lowest access levels (such as Users who have not configured any roles) can also promote them to administrators and change other roles or account parameters at will. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nSourcefire 3D Sensor and Defense Center \"user.cgi\" Security Bypass\n\nSECUNIA ADVISORY ID:\nSA35658\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35658/\n\nDESCRIPTION:\nGregory Duchemin has reported a vulnerability in Sourcefire 3D Sensor\nand Sourcefire Defense Center, which can be exploited by malicious\npeople to bypass certain security restrictions. \n\nThe vulnerability is caused due to improper access restrictions while\nprocessing requests sent to the admin/user/user.cgi script. This can\nbe exploited to e.g. gain administrative access to the appliance by\nsending a specially crafted POST request to the affected script. \n\nNOTE: Other scripts are reportedly affected by similar errors. \n\nSOLUTION:\nUpdate to firmware version 4.8.2. \n\nPROVIDED AND/OR DISCOVERED BY:\nGregory Duchemin\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/9074\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "BID",
"id": "35553"
},
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"db": "PACKETSTORM",
"id": "78955"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39790",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=9074",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2344",
"trust": 2.6
},
{
"db": "BID",
"id": "35553",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "35658",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "9074",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2009-1785",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1022500",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090701 SOURCEFIRE 3D SENSOR AND DC, PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "9074",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-66683",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-39790",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-2344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78955",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"db": "BID",
"id": "35553"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "PACKETSTORM",
"id": "78955"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"id": "VAR-200907-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:11:36.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sourcefire.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/35553"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id?1022500"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/35658"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2009/1785"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://www.exploit-db.com/exploits/9074"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2344"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2344"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504694/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/9074"
},
{
"trust": 0.3,
"url": "http://www.sourcefire.com/products/3d/sensor"
},
{
"trust": 0.3,
"url": "http://www.sourcefire.com/products/3d/defense_center"
},
{
"trust": 0.3,
"url": "/archive/1/504694"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/9074/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/9074"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35658/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"db": "BID",
"id": "35553"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "PACKETSTORM",
"id": "78955"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39790"
},
{
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"db": "BID",
"id": "35553"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"db": "PACKETSTORM",
"id": "78955"
},
{
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-39790"
},
{
"date": "2009-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"date": "2009-07-02T00:00:00",
"db": "BID",
"id": "35553"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"date": "2009-07-06T14:53:16",
"db": "PACKETSTORM",
"id": "78955"
},
{
"date": "2009-07-07T19:30:00.297000",
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"date": "2009-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39790"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2344"
},
{
"date": "2009-07-07T22:06:00",
"db": "BID",
"id": "35553"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006132"
},
{
"date": "2018-10-10T19:39:42.070000",
"db": "NVD",
"id": "CVE-2009-2344"
},
{
"date": "2009-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sourcefire DC and 3D Sensor of Web Vulnerabilities that gain privileges in the base management interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006132"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-096"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…