mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
348 lines
12 KiB
JSON
348 lines
12 KiB
JSON
{
|
|
"id": "CVE-2013-4444",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2014-09-12T01:55:06.730",
|
|
"lastModified": "2024-11-21T01:55:34.823",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de la subida de ficheros sin restricciones Apache Tomcat 7.x anterior a 7.0.40, en ciertas situaciones que implican c\u00f3digo anticuado java.io.File y configuraci\u00f3n JMX personalizada, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida y el acceso a un archivo JSP."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 6.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "7.0.39",
|
|
"matchCriteriaId": "CEBF404D-B53C-4B16-9010-0777DEE1B9E8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
|
|
"matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5E8FF71D-4710-4FBB-9925-A6A26C450F7D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7144EDDF-8265-4642-8EEB-ED52527E0A26"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DF06B5C1-B9DD-4673-A101-56E1E593ACDD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B3D850EA-E537-42C8-93B9-96E15CB26747"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E037DA05-2BEF-4F64-B8BB-307247B6A05C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCAF1EB5-FB34-40FC-96ED-9D073890D8BF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D395D95B-1F4A-420E-A0F6-609360AF7B69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9BD221BA-0AB6-4972-8AD9-5D37AC07762F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E55B6565-96CB-4F6A-9A80-C3FB82F30546"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3300AFE-49A4-4904-B9A0-5679F09FA01E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ED5125CC-05F9-4678-90DB-A5C7CD24AE6F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B904C74-B92E-4EAE-AE6C-78E2B844C3DB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2014/10/24/12",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2021/Jan/23",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://tomcat.apache.org/security-7.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2016/dsa-3447",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/69728",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1030834",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2014/10/24/12",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2021/Jan/23",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://tomcat.apache.org/security-7.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2016/dsa-3447",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/69728",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1030834",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |