VAR-201509-0294
Vulnerability from variot - Updated: 2023-12-18 13:34The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vendors have confirmed this vulnerability Bug ID CSCus36435 and CSCus62625 It is released as.Skillfully crafted by a third party HTTP May be written to any file via request. Successful exploits may allow an attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCus36435 and CSCus62625. The former is a set of tools for managing UCS (Unified Computing System). The latter is a set of unified infrastructure management tools. JavaServer Pages (JSP) is one of the standard components for dynamic web development
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1.0.1"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1.0.0"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.0"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.2"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.3"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.1"
},
{
"model": "unified computing system director",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "integrated management controller supervisor",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.0.0"
},
{
"model": "integrated management controller supervisor",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.0.1"
},
{
"model": "unified computing system director",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2.0.1"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.2"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.1"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.3"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.2"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.1"
},
{
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.0.0"
},
{
"model": "ucs director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.0.1"
},
{
"model": "integrated management controller supervisor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:4.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:3.4_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:4.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6259"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "76565"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6259",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84220",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6259",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-045",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vendors have confirmed this vulnerability Bug ID CSCus36435 and CSCus62625 It is released as.Skillfully crafted by a third party HTTP May be written to any file via request. \nSuccessful exploits may allow an attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition. \nThis issue is being tracked by Cisco Bug IDs CSCus36435 and CSCus62625. The former is a set of tools for managing UCS (Unified Computing System). The latter is a set of unified infrastructure management tools. JavaServer Pages (JSP) is one of the standard components for dynamic web development",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "VULHUB",
"id": "VHN-84220"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6259",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1033451",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045",
"trust": 0.7
},
{
"db": "BID",
"id": "76565",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84220",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"id": "VAR-201509-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:28.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20150902-cimcs",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150902-cimcs"
},
{
"title": "40683",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40683"
},
{
"title": "cisco-sa-20150902-cimcs",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/113/1135/1135284_cisco-sa-20150902-cimcs-j.html"
},
{
"title": "Cisco Integrated Management Controller Supervisor and UCS Director JavaServer Pages Fixes for component input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61031"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150902-cimcs"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033451"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6259"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6259"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-84220"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76565"
},
{
"date": "2015-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"date": "2015-09-04T01:59:02.910000",
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"date": "2015-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-84220"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76565"
},
{
"date": "2015-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"date": "2016-12-29T13:16:10.730000",
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"date": "2015-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Integrated Management Controller Supervisor and Unified Computing System Director of JSP Vulnerability written to arbitrary file in component",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…