製品・ソフトウェアに関する情報

JVN脆弱性詳細

Secure Access Link (SAL) Gateway に情報漏えいの脆弱性

Title	Secure Access Link (SAL) Gateway に情報漏えいの脆弱性
Summary	Avaya が提供する Secure Access Link (SAL) Gateway には、情報漏えいの脆弱性が存在します。 Avaya が提供する Secure Access Link (SAL) Gateway には、インストール時のデフォルト設定に問題があります。Secondary Core Server と Secondary Remote Server に不適切な URL が設定されているため、情報漏えいの脆弱性が存在します。 Avaya から、以下の脆弱性情報が公開されています。 "On installation of SAL Gateway with the default properties provided along with the installer, the Secondary Core Server URL and the Remote Server URL points to the secavaya.com and secaxeda.com respectively which are invalid public domain servers and not owned by Avaya. These servers resolve to invalid domains and pose a security threat. Secondary Core Server URL should be same as the primary Core Server URL and Secondary Remote Server URL should be same as the primary Remote Server URL."
Possible impacts	ログなどの情報を、意図していない E-mail アドレスに送信される可能性があります。
Solution	[設定を変更する] Avaya が提供する情報の "Resolution" セクションの内容をもとに、設定を変更してください。
Publication Date	Aug. 1, 2011, midnight
Registration Date	Aug. 18, 2011, 8:58 a.m.
Last Update	Aug. 18, 2011, 8:58 a.m.

Affected System

アバイア

Avaya Secure Access Link 1.5

Avaya Secure Access Link 1.8

Avaya Secure Access Link 2.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-3008	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3008
National Vulnerability Database (NVD)
2	CVE-2011-3008	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3008

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-16	https://jvndb.jvn.jp/ja/cwe/CWE-16.html

ベンダー情報

No	Name	URL
Avaya Support
1	Product Support Notice PSN003314u	http://support.avaya.com/css/P8/documents/100140483

その他

No	Name	URL
ISS X-Force Database
1	68922	http://xforce.iss.net/xforce/xfdb/68922
JVN
2	JVNVU#690315	http://jvn.jp/cert/JVNVU690315
SecurityFocus
3	48942	http://www.securityfocus.com/bid/48942
US-CERT Vulnerability Note
4	VU#690315	http://www.kb.cert.org/vuls/id/690315

Change Log

No	Changed Details	Date of change
0	[2011年08月18日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-3008

Summary	The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.
Publication Date	Aug. 6, 2011, 6:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:avaya:secure_access_link_gateway:1.5:::::::*
cpe:2.3:a:avaya:secure_access_link_gateway:1.8:::::::*
cpe:2.3:a:avaya:secure_access_link_gateway:2.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://support.avaya.com/css/P8/documents/100140483	Vendor Advisory
2	http://www.kb.cert.org/vuls/id/690315	US Government Resource
3	http://www.securityfocus.com/bid/48942
4	https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
5	http://support.avaya.com/css/P8/documents/100140483	Vendor Advisory
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
7	http://www.securityfocus.com/bid/48942
8	http://www.kb.cert.org/vuls/id/690315	US Government Resource

Common Vulnerabilities List