製品・ソフトウェアに関する情報

JVN脆弱性詳細

NeatUpload ASP.NET における他のクライアントの HTTP レスポンスを取得される脆弱性

Title	NeatUpload ASP.NET における他のクライアントの HTTP レスポンスを取得される脆弱性
Summary	NeatUpload ASP.NET には、競合状態が発生するため、他のクライアントの HTTP レスポンスを取得される脆弱性が存在します。
Possible impacts	第三者により、複数の同時リクエストを介して、同様の HttpWorkerRequest オブジェクトのための HttpWorkerRequest.FlushResponse への複数の呼び出しを誘発され、異なるリクエストに対してバッファが再利用され、他のクライアントの HTTP レスポンスを取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 24, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

brettle development

neatupload 1.2.11 から 1.2.16、1.1.18 から 1.1.23、および trunk.379 から trunk.445

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2197	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2197
National Vulnerability Database (NVD)
2	CVE-2007-2197	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2197

ベンダー情報

No	Name	URL
brettle development
1	Top Page	http://www.brettle.com/neatupload

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2197

Summary	Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
Publication Date	April 25, 2007, 2:19 a.m.
Registration Date	Jan. 29, 2021, 2:11 p.m.
Last Update	Oct. 17, 2018, 1:42 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:brettle_development:neatupload:1.1.18:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.19:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.20:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.21:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.22:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.23:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.11:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.12:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.13:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.14:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.15:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.16:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.379:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.380:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.381:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/25003	SECUNIA	Vendor Advisory
2	http://www.securityfocus.com/archive/1/466404/100/0/threaded	BUGTRAQ
3	http://www.securityfocus.com/bid/23578	BID
4	https://exchange.xforce.ibmcloud.com/vulnerabilities/33785	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:brettle_development:neatupload:1.1.18:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.19:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.20:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.21:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.22:::::::*
cpe:2.3:a:brettle_development:neatupload:1.1.23:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.11:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.12:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.13:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.14:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.15:::::::*
cpe:2.3:a:brettle_development:neatupload:1.2.16:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.379:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.380:::::::*
cpe:2.3:a:brettle_development:neatupload:trunk.381:::::::*