HP Version Control Repository Manager Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Request Forgery Attacks : 8/26/2015 7:17:58 AM
Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
HP Version Control Repository Manager Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Request Forgery Attacks
8/26/2015 12:00:00 AM
| HP Version Control Repository Manager Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Request Forgery Attacks |
| SecurityTracker Alert ID: 1033378 |
| SecurityTracker URL: http://securitytracker.com/id/1033378 |
| CVE Reference: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-5409, CVE-2015-5410, CVE-2015-5411, CVE-2015-5412, CVE-2015-5413 (Links to External Site) |
| Date: Aug 26 2015 |
| Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): prior to 7.5.0 |
| Description: Multiple vulnerabilities were reported in HP Version Control Repository Manager. A remote user can conduct cross-site request forgery attacks. A remote user can cause denial of service conditions on the target system. A remote authenticated user can gain elevated privileges. A remote user can obtain potentially sensitive information on the target system. A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user [CVE-2015-5412]. A remote user can gain unauthorized access, modify data, deny service, and execute arbitrary code [CVE-2015-5410]. A remote authenticated user can gain elevated privileges on the target system [CVE-2015-5413]. A remote user can send a specially crafted request to view potentially sensitive information on the target system [CVE-2015-5411]. A remote user can trigger a buffer overflow [CVE-2015-5409]. |
| Impact: A remote user can take actions on the target system acting as the target authenticated user. A remote user can cause denial of service conditions. A remote authenticated user can gain elevated privileges on the target system. A remote user can obtain potentially sensitive information on the target system. |
| Solution: HP has issued a fix (7.5.0). The HP advisory is available at: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115 |
| Vendor URL: h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115 (Links to External Site) |
| Cause: Access control error, Boundary error, Input validation error |
| Underlying OS: Linux (Any), Windows (Any) |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.