mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
240 lines
8.9 KiB
JSON
240 lines
8.9 KiB
JSON
{
|
|
"id": "CVE-2014-2138",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2014-04-02T03:58:17.137",
|
|
"lastModified": "2014-04-02T16:56:56.573",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en el framework web en Cisco Security Manager 4.2 y anteriores permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de redirecci\u00f3n a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCun82349."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:*:-:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.2",
|
|
"matchCriteriaId": "37213FD2-3F3C-4338-8E76-8FE0B7CFEF28"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ADDFAFD3-DEC0-4C6E-BE75-921286A3B2FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B2F46134-691C-4B96-87EE-6977E49905CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D01CF39F-7492-4DB1-8EB7-01879EB8B6FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "684784EB-A61E-4FBE-AC5F-AE7E69BD60A5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7061A26C-4BC0-4466-99FE-60620BA45629"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E3EAAD49-6786-4E0A-B9E1-C3D0BD061132"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0CA1A1A1-7D11-4627-B21B-986ED17052DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D78BB8AD-03A2-4B49-907D-A9E569D20F10"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8F119D84-BFDB-4B8F-A562-9FD435D6AA0D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ACE44650-A39C-4CCE-B6C1-6BB8AF2C4561"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB734AB4-510F-4664-8AE8-245C01081FE0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "464B6C02-500C-4047-AC5C-FFF8B4FE0339"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16E3E0D8-EEFD-40A2-BEAA-0726D9A6AAC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A88FE587-12D2-4164-8EBC-0BD5A24B33FB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "869F6480-DEFA-4470-8F09-373544056ECA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EEF0D9F6-5768-4E90-B025-FE5D7D93D5B4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F26AE3A9-F57D-41D7-8B90-23E4CEFF8532"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CF4C2C27-E015-4481-8D0F-05D8692D89B5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FB48A845-E183-493A-BF4E-AE919BD50D88"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C9BB8F5-997E-4D2D-A859-FDC23D4AD28C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1A7E9AE-64B8-475A-8914-1D3BFD79841A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48ACDEF6-BAB4-4114-8034-15D58A1572CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FAC58C2C-15B3-4CDD-A320-24D54F12BB72"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BDA8D184-1148-476D-9C35-0D2ED6B324EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B08598EC-5065-4497-80E6-43F145ACB1EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8CAFA481-6CA8-4E74-9AEF-A497E23597AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DF3D3EA0-5EA3-4252-BA51-E149BE3F2AAB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33607",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |