Sign-up

ID

VAR-201109-0174


CVE

CVE-2011-3502


TITLE

Cogent DataHub of Web Vulnerability in server executable code acquisition

Trust: 0.8

sources: JVNDB: JVNDB-2011-002267

DESCRIPTION

The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). Cogent DataHub is software for SCADA and automation. The Cogent DataHub server/service uses a custom web server that listens on port 80. The software does not handle the directory traversal sequence correctly. An attacker can exploit the vulnerability to download files on the server. Cogent DataHub is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks. Cogent DataHub 7.1.1.63 is vulnerable; other versions may also be affected

Trust: 2.97

sources: NVD: CVE-2011-3502 // JVNDB: JVNDB-2011-002267 // CNVD: CNVD-2011-3671 // CNVD: CNVD-2011-3672 // BID: 49610

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2011-3671 // CNVD: CNVD-2011-3672

AFFECTED PRODUCTS

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.1.63

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.1.0

Trust: 1.6

vendor:cogentdatahubmodel:cogent datahubscope:eqversion:7.0.2

Trust: 1.6

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7.1.1.63

Trust: 1.5

vendor:cogent real timemodel:datahubscope:lteversion:7.1.1.63

Trust: 0.8

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6.0.2

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:eqversion:6

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:eqversion:7

Trust: 0.3

vendor:cogentmodel:real-time systems cascade datahubscope:eqversion:6

Trust: 0.3

vendor:cogentmodel:real-time systems opc datahubscope:neversion:6.4.20

Trust: 0.3

vendor:cogentmodel:real-time systems cogent datahubscope:neversion:7.1.2

Trust: 0.3

vendor:cogentmodel:real-time systems cascade datahubscope:neversion:6.4.20

Trust: 0.3

sources: CNVD: CNVD-2011-3671 // CNVD: CNVD-2011-3672 // BID: 49610 // JVNDB: JVNDB-2011-002267 // CNNVD: CNNVD-201109-275 // NVD: CVE-2011-3502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3502
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3502
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201109-275
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-3502
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-002267 // CNNVD: CNNVD-201109-275 // NVD: CVE-2011-3502

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2011-002267 // NVD: CVE-2011-3502

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-184 // CNNVD: CNNVD-201109-275

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201109-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002267

PATCH
title:Top Pageurl:http://www.cogentdatahub.com/
Trust: 0.8
title:Top Pageurl:http://www.cogentdatahub.com/jp/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-002267

EXTERNAL IDS
db:NVDid:CVE-2011-3502
Trust: 2.7
db:ICS CERT ALERTid:ICS-ALERT-11-256-03
Trust: 2.4
db:BIDid:49610
Trust: 2.1
db:ICS CERTid:ICSA-11-280-01
Trust: 1.1
db:JVNDBid:JVNDB-2011-002267
Trust: 0.8
db:CNVDid:CNVD-2011-3671
Trust: 0.6
db:CNVDid:CNVD-2011-3672
Trust: 0.6
db:CNNVDid:CNNVD-201109-184
Trust: 0.6
db:CNNVDid:CNNVD-201109-275
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-3671 // 
            
            
            
            CNVD: CNVD-2011-3672 // 
            
            
            
            BID: 49610 // 
            
            
            
            JVNDB: JVNDB-2011-002267 // 
            
            
            
            CNNVD: CNNVD-201109-184 // 
            
            
            
            CNNVD: CNNVD-201109-275 // 
            
            
            
            NVD: CVE-2011-3502

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-03.pdf
Trust: 2.4
url:http://aluigi.altervista.org/adv/cogent_4-adv.txt
Trust: 2.2
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3502
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3502
Trust: 0.8
url:http://aluigi.altervista.org/adv/cogent_2-adv.txt
Trust: 0.6
url:http://www.securityfocus.com/bid/49610
Trust: 0.6
url:http://www.cogentdatahub.com/products/cogent_datahub.html
Trust: 0.3
url:http://aluigi.org/mytoolz/mydown.zip
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2011-3671 // 
            
            
            
            CNVD: CNVD-2011-3672 // 
            
            
            
            BID: 49610 // 
            
            
            
            JVNDB: JVNDB-2011-002267 // 
            
            
            
            CNNVD: CNNVD-201109-184 // 
            
            
            
            CNNVD: CNNVD-201109-275 // 
            
            
            
            NVD: CVE-2011-3502

CREDITS
Luigi Auriemma
Trust: 0.9
sources:
            
            
            BID: 49610 // 
            
            
            
            CNNVD: CNNVD-201109-184

SOURCES
db:CNVDid:CNVD-2011-3671
db:CNVDid:CNVD-2011-3672
db:BIDid:49610
db:JVNDBid:JVNDB-2011-002267
db:CNNVDid:CNNVD-201109-184
db:CNNVDid:CNNVD-201109-275
db:NVDid:CVE-2011-3502

LAST UPDATE DATE
2024-08-14T13:49:07.105000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-3671date:2011-09-15T00:00:00
db:CNVDid:CNVD-2011-3672date:2011-09-15T00:00:00
db:BIDid:49610date:2011-10-11T16:20:00
db:JVNDBid:JVNDB-2011-002267date:2011-09-29T00:00:00
db:CNNVDid:CNNVD-201109-184date:2011-09-15T00:00:00
db:CNNVDid:CNNVD-201109-275date:2011-09-19T00:00:00
db:NVDid:CVE-2011-3502date:2011-09-19T04:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2011-3671date:2011-09-15T00:00:00
db:CNVDid:CNVD-2011-3672date:2011-09-15T00:00:00
db:BIDid:49610date:2011-09-13T00:00:00
db:JVNDBid:JVNDB-2011-002267date:2011-09-29T00:00:00
db:CNNVDid:CNNVD-201109-184date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201109-275date:2011-09-19T00:00:00
db:NVDid:CVE-2011-3502date:2011-09-16T17:26:14.933