SecurityTracker.com

Category:   Application (Generic)  >   EMC ViPR SRM
Vendors:   EMC
EMC ViPR SRM WebService Gateway Directory Traversal Flaw Lets Remote Authenticated Users Access and Modify Data and JMX Protocol Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1039417
SecurityTracker URL:  http://securitytracker.com/id/1039417
CVE Reference:   CVE-2017-8007, CVE-2017-8012
Date:  Sep 21 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in EMC ViPR SRM. A remote authenticated user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system.

A remote authenticated user can supply specially crafted parameter values to the target WebService Gateway to access, modify, and delete data on the target system [CVE-2017-8007].

A remote user can send specially crafted Java Management Extensions (JMX) protocol data to create files on the target system and cause denial of service conditions [CVE-2017-8012].

rgod (via Trend Micro Zero Day Initiative (ZDI)) reported these vulnerabilities.

Impact:   A remote authenticated user can access, modify, and delete data on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (4.1; Advisory ESA-2017-081).

The vendor advises changing any default WebService Gateway credentials and JMX agent credentials.

Vendor URL:  www.emc.com/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (CentOS), Linux (Red Hat Enterprise), Linux (SuSE), Windows (2008), Windows (2012)

Message History:   None.

