mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
504 lines
18 KiB
JSON
504 lines
18 KiB
JSON
{
|
|
"id": "CVE-2017-7658",
|
|
"sourceIdentifier": "emo@eclipse.org",
|
|
"published": "2018-06-26T17:29:00.210",
|
|
"lastModified": "2024-11-21T03:32:23.850",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En Eclipse Jetty Server, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones que no sean HTTP/1.x) y versiones 9.4.x (todas las configuraciones HTTP/1.x), cuando se presentan con dos cabeceras content-lengths, Jetty ignora la segunda. Cuando se presenta con una cabecera de cifrado fragmentada y otra content-length, esta \u00faltima fue ignorada (seg\u00fan RFC 2616). Si un intermediario se decide por el tama\u00f1o m\u00e1s peque\u00f1o, pero se sigue pasando como el cuerpo m\u00e1s grande, el contenido del cuerpo podr\u00eda ser interpretado por Jetty como petici\u00f3n pipelined. Si el intermediario impone la autorizaci\u00f3n, la petici\u00f3n pipelined falsa omitir\u00eda dicha autorizaci\u00f3n."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 7.5,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "emo@eclipse.org",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-444"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-444"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "9.2.26",
|
|
"matchCriteriaId": "486E784F-1FC5-42AA-B144-EDBE5FE9B993"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "9.3.0",
|
|
"versionEndExcluding": "9.3.24",
|
|
"matchCriteriaId": "C513260A-7AD7-44C2-97F0-167B5819475E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "9.4.0",
|
|
"versionEndExcluding": "9.4.11",
|
|
"matchCriteriaId": "5A720480-0A8A-48FE-85FE-6973DAB7A7D5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
|
|
"matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
|
|
"matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
|
|
"matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
|
|
"matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_payment:3.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8FBA1229-8AC0-4E6F-9F31-AB647160FB15"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
|
|
"versionStartIncluding": "8.4.0-00",
|
|
"versionEndIncluding": "8.6.2-00",
|
|
"matchCriteriaId": "3C209829-7941-4B64-89CA-0220804B6163"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:hp:xp_p9000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1CC9BC28-72E9-4D53-B388-6A8AB7CFD22E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CF77086-43C1-44DB-A574-61A9A3DD1220"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.0",
|
|
"versionEndIncluding": "11.50.1",
|
|
"matchCriteriaId": "F5F95A41-A496-481C-A906-E0307AC1EA63"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3246A7D-243B-415A-827D-C5D7F62AFE19"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.0",
|
|
"versionEndIncluding": "3.1.3",
|
|
"matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_for_7-mode:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D774A4A1-3D1E-4C31-B876-97BEA9E95027"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
|
|
"matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
|
|
"matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:storage_services_connector:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C27762B9-8042-429B-B714-3B3A17B2842A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/106566",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1041194",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20181014-0001/",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.debian.org/security/2018/dsa-4278",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
|
|
"source": "emo@eclipse.org"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
|
|
"source": "emo@eclipse.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/106566",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1041194",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20181014-0001/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.debian.org/security/2018/dsa-4278",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |