nvd-json-data-feeds/CVE-2015/CVE-2015-02xx/CVE-2015-0297.json

{
  "id": "CVE-2015-0297",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2015-04-24T14:59:06.000",
  "lastModified": "2015-10-05T21:33:54.643",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager."
    },
    {
      "lang": "es",
      "value": "Red Hat JBoss Operations Network 3.3.1 no restringe adecuadamente el acceso a ciertas APIs, lo que permite a atacantes remotos ejecutar m\u00e9todos Java arbitrarios a trav\u00e9s de (1) ServerInvokerServlet o (2) SchedulerService o (3) causar una denegaci\u00f3n de servicio (consumo de disco) a trav\u00e9s de ContentManager."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C680ED-9ACF-4B3E-BE2C-5C47DE6DC30D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html",
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1032181",
      "source": "secalert@redhat.com"
    }
  ]
}