ID

VAR-201701-0688


CVE

CVE-2017-5182


TITLE

Remote Manager in Open Enterprise Server for Linux vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2017-001356

DESCRIPTION

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read arbitrary files via a specially crafted URL, resulting in complete directory traversal and total information disclosure. The vulnerability is present in all versions of OES for Linux; it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, and OES11 SP2 before Maintenance Update 11077. Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc. that provides network services, file and print services, and network management functions. Novell Open Enterprise Server has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks.

Trust: 2.43

sources: NVD: CVE-2017-5182 // JVNDB: JVNDB-2017-001356 // CNVD: CNVD-2017-01095 // BID: 95743

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01095

AFFECTED PRODUCTS

vendor: novell, model: open enterprise server, scope: eq, version: 2.0

Trust: 1.6

vendor: novell, model: open enterprise server, scope: eq, version: 2015

Trust: 1.6

vendor: novell, model: open enterprise server, scope: eq, version: 11.0

Trust: 1.6

vendor: novell, model: open enterprise server (oes linux, scope: eq, version: 2015)2015

Trust: 0.9

vendor: novell, model: open enterprise server (oes linux, scope: eq, version: 2)2

Trust: 0.9

vendor: novell, model: open enterprise server (oes linux, scope: eq, version: 11)11

Trust: 0.9

vendor: microfocus, model: open enterprise server, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2017-01095 // BID: 95743 // JVNDB: JVNDB-2017-001356 // CNNVD: CNNVD-201701-245 // NVD: CVE-2017-5182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5182
value: HIGH

Trust: 1.0

NVD: CVE-2017-5182
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-01095
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-245
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-5182
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01095
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-5182
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01095 // JVNDB: JVNDB-2017-001356 // CNNVD: CNNVD-201701-245 // NVD: CVE-2017-5182

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-001356 // NVD: CVE-2017-5182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-245

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201701-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001356

PATCH

title: Micro Focus Open Enterprise Server directory traversal vulnerability CVE-2017-5182, url: https://www.novell.com/support/kb/doc.php?id=7018503

Trust: 0.8

title: Novell Open Enterprise Server directory traversal vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/88791

Trust: 0.6

title: Micro Focus OES Remote Manager Fixes for path traversal vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110354

Trust: 0.6

sources: CNVD: CNVD-2017-01095 // JVNDB: JVNDB-2017-001356 // CNNVD: CNNVD-201701-245

EXTERNAL IDS

db: NVD, id: CVE-2017-5182

Trust: 3.3

db: BID, id: 95743

Trust: 2.5

db: SECTRACK, id: 1037689

Trust: 1.6

db: JVNDB, id: JVNDB-2017-001356

Trust: 0.8

db: CNVD, id: CNVD-2017-01095

Trust: 0.6

db: CNNVD, id: CNNVD-201701-245

Trust: 0.6

sources: CNVD: CNVD-2017-01095 // BID: 95743 // JVNDB: JVNDB-2017-001356 // CNNVD: CNNVD-201701-245 // NVD: CVE-2017-5182

REFERENCES

url:http://www.securityfocus.com/bid/95743

Trust: 2.2

url:https://www.novell.com/support/kb/doc.php?id=7018503

Trust: 1.9

url:http://www.securitytracker.com/id/1037689

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5182

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5182

Trust: 0.8

url:http://www.novell.com/

Trust: 0.3

sources: CNVD: CNVD-2017-01095 // BID: 95743 // JVNDB: JVNDB-2017-001356 // CNNVD: CNNVD-201701-245 // NVD: CVE-2017-5182

CREDITS

Illinois Department of Innovation & Technology, Division of Information Security

Trust: 0.3

sources: BID: 95743

SOURCES

db: CNVD, id: CNVD-2017-01095
db: BID, id: 95743
db: JVNDB, id: JVNDB-2017-001356
db: CNNVD, id: CNNVD-201701-245
db: NVD, id: CVE-2017-5182

LAST UPDATE DATE

2024-11-23T22:22:41.308000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-01095, date: 2017-02-08T00:00:00
db: BID, id: 95743, date: 2017-02-02T04:01:00
db: JVNDB, id: JVNDB-2017-001356, date: 2017-02-06T00:00:00
db: CNNVD, id: CNNVD-201701-245, date: 2020-02-25T00:00:00
db: NVD, id: CVE-2017-5182, date: 2024-11-21T03:27:13.067

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-01095, date: 2017-02-08T00:00:00
db: BID, id: 95743, date: 2017-01-20T00:00:00
db: JVNDB, id: JVNDB-2017-001356, date: 2017-02-06T00:00:00
db: CNNVD, id: CNNVD-201701-245, date: 2017-01-11T00:00:00
db: NVD, id: CVE-2017-5182, date: 2017-01-23T15:59:00.137