製品・ソフトウェアに関する情報

JVN脆弱性詳細

Support Incident Tracker における認証を回避される脆弱性

Title	Support Incident Tracker における認証を回避される脆弱性
Summary	Support Incident Tracker には、匿名バインドを伴う LDAP 認証を使用している際、認証を回避される脆弱性が存在します。
Possible impacts	第三者により、空のパスワードを介して、認証を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 28, 2010, midnight
Registration Date	Dec. 20, 2012, 7:29 p.m.
Last Update	Dec. 20, 2012, 7:29 p.m.

Affected System

The Support Incident Tracker Project

Support Incident Tracker 3.51 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-1596	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1596
National Vulnerability Database (NVD)
2	CVE-2010-1596	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1596

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
sitracker
1	ReleaseNotes351	http://sitracker.org/wiki/ReleaseNotes351

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-1596

Summary	Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Publication Date	April 29, 2010, 8:30 a.m.
Registration Date	Jan. 29, 2021, 11 a.m.
Last Update	Aug. 17, 2017, 10:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sitracker:support_incident_tracker:3.21:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.22:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.23:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.24:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.30:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.31:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.32:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.33:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.35:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.36:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.40:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.41:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.45:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker::::::::		3.50
cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://bugs.sitracker.org/view.php?id=1047	CONFIRM
2	http://osvdb.org/61945	OSVDB
3	http://secunia.com/advisories/38329	SECUNIA	Vendor Advisory
4	http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292	CONFIRM
5	http://sitracker.org/wiki/ReleaseNotes351	CONFIRM	Patch
6	http://www.securityfocus.com/bid/37949	BID
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/55871	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sitracker:support_incident_tracker:3.21:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.22:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.23:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.24:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.30:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.31:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.32:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.33:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.35:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.36:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.40:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker:3.41:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.45:::::::*
cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1::::::
cpe:2.3:a:sitracker:support_incident_tracker::::::::		3.50
cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1::::::