mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
245 lines
8.5 KiB
JSON
245 lines
8.5 KiB
JSON
{
|
|
"id": "CVE-2015-2859",
|
|
"sourceIdentifier": "cret@cert.org",
|
|
"published": "2015-06-23T21:59:00.240",
|
|
"lastModified": "2024-11-21T02:28:13.297",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Intel McAfee ePolicy Orchestrator (ePO) 4.x hasta 4.6.9 y 5.x hasta 5.1.2 no valida los nombres de servidores y los nombres de de autoridades certificadoras en los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
|
"baseScore": 5.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-310"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "485DB16F-730A-44B2-A255-2583AB27DB9C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C721D48-5D9B-4BFF-8A7F-6E88D1F78F34"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6131764-811B-4302-B160-D6447D20795E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4773B847-1E1D-4106-88CF-35E38412466E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ADCCFECD-BFB3-415D-B381-D0FC714E8434"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4BA5473B-AF93-46A4-A28B-50B9E82BAFCE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9C4BAB1-E198-477E-9B48-4CC526583A17"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D84606C7-E033-4864-A527-C75F4B7A307E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9F4A1B55-452B-4D1F-908E-795197974F4E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D5A2CABB-0BCB-4266-BA58-9FC81E89555C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0080A5E-19E2-4BAA-BA80-1904A774CF8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3171A1A7-E1B6-4957-BABE-DC0997ACB27B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9284BEB-25CF-4888-AFDD-0073080361BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "30C57CEF-BEAC-4BC8-9CBE-17B797EC52F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FBBFF999-B630-4011-97CC-0C85251F7A5B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98B45EBD-531A-4052-82E0-BE3F43132337"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8DA7EEDB-DFCE-464D-A4C3-7727BCF57E2D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BD14FE96-A47F-4C92-90E8-678D93BB4CB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "648AAB2A-310B-493E-89DF-E8BCA56FB6FD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DE33AFB8-9962-4D75-B613-D5032A0949A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CEBA52A8-233F-4015-B44B-1BF7B5593CCE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A0DBB72F-A984-4641-9230-97B815FCD31C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/264092",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/75020",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1032571",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=KB84628",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10120",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/264092",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/75020",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1032571",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=KB84628",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10120",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |