製品・ソフトウェアに関する情報

JVN脆弱性詳細

SafeNet Sentinel Protection Server などにおけるディレクトリトラバーサルの脆弱性

Title	SafeNet Sentinel Protection Server などにおけるディレクトリトラバーサルの脆弱性
Summary	SafeNet Sentinel Protection Server および Sentinel Keys Server には、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	第三者により、.. (ドットドット) を含むクエリ文字列を介して、任意のファイルを読まれる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 20, 2007, midnight
Registration Date	Dec. 20, 2012, 6:34 p.m.
Last Update	Sept. 30, 2015, 4:56 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected System

SafeNet, Inc

sentinel keys server 1.0.3 およびそれ以前

sentinel protection server 7.0.0 から 7.4.0 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6483	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6483
National Vulnerability Database (NVD)
2	CVE-2007-6483	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6483

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
safenet-inc
1	Top Page	http://www.safenet-inc.com/

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-15-272-01	https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載 [2015年09月30日] 参考情報：ICS-CERT ADVISORY (ICSA-15-272-01) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-6483

Summary	Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
Summary	Vulnerabilidad de salto de directorio en SafeNet Sentinel Protection Server 7.0.0 hasta 7.4.0 y versiones anteriores, y Sentinel Keys Server 1.0.3 y posiblemente versiones anteriores, permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en la cadena de consulta.
Publication Date	Dec. 21, 2007, 5:46 a.m.
Registration Date	Jan. 29, 2021, 2:25 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:safenet:sentinel_keys_server:1.0.3:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.0:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.1:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.2:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.3:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.4:::::::*

Related information, measures and tools

No	URL	refsource
1	http://safenet-inc.com/support/files/SPI740SecurityPatch.zip	cve@mitre.org
2	http://secunia.com/advisories/27811	cve@mitre.org
3	http://securityreason.com/securityalert/3471	cve@mitre.org
4	http://www.securityfocus.com/archive/1/484201/100/200/threaded	cve@mitre.org
5	http://www.securityfocus.com/archive/1/484224/100/200/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/26583	cve@mitre.org
7	http://www.securitytracker.com/id?1018992	cve@mitre.org
8	http://www.vupen.com/english/advisories/2007/4011	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/38636	cve@mitre.org
10	https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01	cve@mitre.org
11	http://safenet-inc.com/support/files/SPI740SecurityPatch.zip	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/27811	af854a3a-2127-422b-91ae-364da2661108
13	http://securityreason.com/securityalert/3471	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/archive/1/484201/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/archive/1/484224/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/26583	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securitytracker.com/id?1018992	af854a3a-2127-422b-91ae-364da2661108
18	http://www.vupen.com/english/advisories/2007/4011	af854a3a-2127-422b-91ae-364da2661108
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/38636	af854a3a-2127-422b-91ae-364da2661108
20	https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:safenet:sentinel_keys_server:1.0.3:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.0:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.1:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.2:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.3:::::::*
cpe:2.3:a:safenet:sentinel_protection_server:7.4:::::::*