mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
393 lines
15 KiB
JSON
393 lines
15 KiB
JSON
{
|
|
"id": "CVE-2017-7989",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2017-04-25T18:59:00.463",
|
|
"lastModified": "2017-05-02T18:06:55.070",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una inadecuada comprobaci\u00f3n de tipos MIME en Joomla! 3.2.0 hasta 3.6.5 permite a usuarios con pocos privilegios cargar archivos swf aunque est\u00e9n expl\u00edcitamente prohibidos."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-434"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "83513309-01CD-411C-82EF-62C1F7F4764F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "27BABCB8-916D-452E-8848-B51B3374CE8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD14669F-9C13-46BA-A45B-EC0B4081D105"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "370F58E9-AD21-446F-BC29-10F2A448F18E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56C7EA5D-CEB8-45C6-A50F-577B02BBD25F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A3ED8A4-60AF-4347-8A4E-41BAF7ED09B1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4B4D693-A540-4FB3-B7F9-9746F01B44CA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B9623DC6-3822-4493-A0CC-C87134799D67"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B71C854-FDCA-40C9-BB18-D7947BE81F04"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DC3861B6-CBD7-438E-A067-AEAEBB6C09B7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92F78591-585E-4571-813C-528256709932"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA20940F-8056-4F18-8D8A-4CE1EE22327E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:alpha:*:*:*:*:*:*",
|
|
"matchCriteriaId": "228B8684-EC16-4DB7-B8EE-7C2C009FA946"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "20DA0D93-26C1-4D24-993C-F07B102EAD55"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB372030-D07A-42DD-AF36-CD47EA2D8F2F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:beta3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80E2143F-76E8-4BAF-8EAD-68E86EC73060"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0CAEC506-1375-4BC7-BEB4-85F90491BDA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA6D81D1-16F7-448B-BA23-C24AAAE1A096"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "43B63EB2-031C-47A0-875E-6D3FF5B32D2A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F3931745-E865-419E-A252-5306A63878D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "176F330D-DAC5-4D3E-823D-E59E6469D089"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.2:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C1C8F45-53F2-468E-97D5-E7D1FE9F789E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E76ADE1-A88F-468B-8D9C-72B90AF2A75A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98475DA0-9D72-4952-878B-4DD619132E66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8D6C4C68-E526-408F-A54D-86CB3E5D800F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA0B678E-DB68-4F62-9E94-2A2D9053BCDF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ED5427CD-4C44-4B6A-A72E-BF27BECFD631"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2FC7FF37-53BA-4DCB-B350-3D779977A853"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.8:rc:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44C6373A-1200-49D8-87B8-1D923752E04D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76D4E968-72C3-40D1-A9E0-FC1C45513436"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:beta:*:*:*:*:*:*",
|
|
"matchCriteriaId": "639BD6FA-F5A9-4D58-9FD0-F20610CFF48A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:beta2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "871D0251-2BF5-4167-9B40-2D8024154802"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:beta3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E59A3191-47BB-438D-87BC-74CB19DC99BA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:beta4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B36EC1DA-762B-4686-BE6E-6604D02F9FE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:beta5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB0FE2EA-51E5-43FE-8DEA-94EA8A016B6A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:rc:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D5870A8F-914C-474F-BB4D-41F23061E1A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7945BC2A-0357-4E49-9314-C8C75B926585"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "622CF895-3402-449F-A769-535ABD102D4B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.0:rc4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04E27344-9C09-4202-8AFD-D2ADD8294D5F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "91B37E54-0DCD-4A8B-83A0-3B14B962EBEA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.5.1:rc:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76E37DC8-1D4D-4E82-BB27-F6B5B947C8E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AC7B9A2E-1D53-4F55-A021-4B28C1F95C0E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:alpha:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DCF94C1-7F4C-4F0D-973D-1A44F3CA2583"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:beta1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9F3AD2F-5503-4A6A-BF32-6B570F5C383E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:beta2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F86FF086-3D89-4350-92BC-8914ACD471A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:rc:*:*:*:*:*:*",
|
|
"matchCriteriaId": "352A89E4-8031-4AF7-8A57-A4BDF72FE56E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC86535F-D1AE-4F4C-8B2D-6418D789CA08"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "003DBC50-8865-4704-BC79-1D945499BEF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.1:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F05F8CEE-67F3-4868-87A6-E9DBAE70AA8F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.1:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "72C3D2D6-BCC8-4381-B941-09FE693B8AD3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A79B694-384E-4DDD-9AE5-DFFF1E695BA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F3C0F39-B5FD-409C-8AA1-720720704952"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.3:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53190951-2DCC-4B00-A921-8F77A044FD78"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.3:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "77138C7E-04FE-4442-AEF9-BE8EB68F5ECC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.3:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5A0C7A46-1EF2-4DD4-991E-F120F994161C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E250E60-0F12-48F4-8959-CC2641A3E8D8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.6.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0598E85E-BD26-4E5F-86AC-AE1C2BC786F4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/98029",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://developer.joomla.org/security-centre/689-20170407-core-acl-violations",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |