var-201509-0294
Vulnerability from variot
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vendors have confirmed this vulnerability Bug ID CSCus36435 and CSCus62625 It is released as.Skillfully crafted by a third party HTTP May be written to any file via request. Successful exploits may allow an attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCus36435 and CSCus62625. The former is a set of tools for managing UCS (Unified Computing System). The latter is a set of unified infrastructure management tools. JavaServer Pages (JSP) is one of the standard components for dynamic web development
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1.0.1"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1.0.0"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.0"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1_base"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.2"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.3"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.0.1"
},
{
"model": "unified computing system director",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "integrated management controller supervisor",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.0.0"
},
{
"model": "integrated management controller supervisor",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.0.1"
},
{
"model": "unified computing system director",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2.0.1"
},
{
"model": "unified computing system director",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.2"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.1"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.0.0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.3"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.2"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.0.1"
},
{
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.0.0"
},
{
"model": "ucs director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.0.1"
},
{
"model": "integrated management controller supervisor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:4.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:3.4_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:4.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6259"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "76565"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6259",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84220",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6259",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-045",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vendors have confirmed this vulnerability Bug ID CSCus36435 and CSCus62625 It is released as.Skillfully crafted by a third party HTTP May be written to any file via request. \nSuccessful exploits may allow an attacker to overwrite arbitrary system files, resulting in system instability or a denial of service condition. \nThis issue is being tracked by Cisco Bug IDs CSCus36435 and CSCus62625. The former is a set of tools for managing UCS (Unified Computing System). The latter is a set of unified infrastructure management tools. JavaServer Pages (JSP) is one of the standard components for dynamic web development",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "VULHUB",
"id": "VHN-84220"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6259",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1033451",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045",
"trust": 0.7
},
{
"db": "BID",
"id": "76565",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84220",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"id": "VAR-201509-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:28.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20150902-cimcs",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150902-cimcs"
},
{
"title": "40683",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40683"
},
{
"title": "cisco-sa-20150902-cimcs",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/113/1135/1135284_cisco-sa-20150902-cimcs-j.html"
},
{
"title": "Cisco Integrated Management Controller Supervisor and UCS Director JavaServer Pages Fixes for component input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61031"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150902-cimcs"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033451"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6259"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6259"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84220"
},
{
"db": "BID",
"id": "76565"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-84220"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76565"
},
{
"date": "2015-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"date": "2015-09-04T01:59:02.910000",
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"date": "2015-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-84220"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76565"
},
{
"date": "2015-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004592"
},
{
"date": "2016-12-29T13:16:10.730000",
"db": "NVD",
"id": "CVE-2015-6259"
},
{
"date": "2015-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Integrated Management Controller Supervisor and Unified Computing System Director of JSP Vulnerability written to arbitrary file in component",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004592"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-045"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.