製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache CloudStack におけるクロスサイトスクリプティングの脆弱性

Title	Apache CloudStack におけるクロスサイトスクリプティングの脆弱性
Summary	Apache CloudStack には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、下記の項目を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) ゾーンウィザード (Zone wizard) の物理的ネットワーク名 (Physical network name) (2) インスタンスウィザード (Instance wizard) の新しいネットワーク名 (New network name) (3) インスタンスウィザード (Instance wizard) のインスタンス名 (instance name) (4) インスタンスウィザード (Instance wizard) のグループ (group) (5) グローバル設定に関連する不特定の "マルチ編集フィールド (multi-edit field)" (6) グローバル設定に関連する不特定の "リスト表示 (list view)" 編集フィールド (edit field)
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 11, 2013, midnight
Registration Date	Aug. 21, 2013, 7:16 p.m.
Last Update	Aug. 21, 2013, 7:16 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

Apache Software Foundation

CloudStack 4.1.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-2136	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2136
National Vulnerability Database (NVD)
2	CVE-2013-2136	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2136

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Apache CXF
1	CLOUDSTACK-2936	https://issues.apache.org/jira/browse/CLOUDSTACK-2936

Change Log

No	Changed Details	Date of change
0	[2013年08月21日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-2136

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
Publication Date	Aug. 20, 2013, 8:55 a.m.
Registration Date	Jan. 26, 2021, 3:37 p.m.
Last Update	Nov. 21, 2024, 10:51 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:cloudstack:2.2.7:::::::*
cpe:2.3:a:apache:cloudstack:2.1.6:::::::*
cpe:2.3:a:apache:cloudstack:2.2.14:::::::*
cpe:2.3:a:apache:cloudstack:2.2.0:::::::*
cpe:2.3:a:apache:cloudstack:2.2.12:::::::*
cpe:2.3:a:apache:cloudstack:2.2.6:::::::*
cpe:2.3:a:apache:cloudstack:2.2.9:::::::*
cpe:2.3:a:apache:cloudstack:2.1.8:::::::*
cpe:2.3:a:apache:cloudstack:2.1.2:::::::*
cpe:2.3:a:apache:cloudstack:2.0:-:community:::::*
cpe:2.3:a:apache:cloudstack:2.2.5:::::::*
cpe:2.3:a:apache:cloudstack:2.2.11:::::::*
cpe:2.3:a:apache:cloudstack:2.1.0:::::::*
cpe:2.3:a:apache:cloudstack:2.1.3:::::::*
cpe:2.3:a:apache:cloudstack:2.2.2:::::::*
cpe:2.3:a:apache:cloudstack:2.1.5:::::::*
cpe:2.3:a:apache:cloudstack:2.2.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.2:::::::*
cpe:2.3:a:apache:cloudstack:2.2.13:::::::*
cpe:2.3:a:apache:cloudstack:2.0.1:::::::*
cpe:2.3:a:apache:cloudstack:2.1.9:::::::*
cpe:2.3:a:apache:cloudstack:4.0.2:::::::*
cpe:2.3:a:apache:cloudstack:4.0.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.0:::::::*
cpe:2.3:a:apache:cloudstack:2.1.10:::::::*
cpe:2.3:a:apache:cloudstack:2.2.8:::::::*
cpe:2.3:a:apache:cloudstack::::::::		4.1.0
cpe:2.3:a:apache:cloudstack:4.0.0:incubating::::::
cpe:2.3:a:apache:cloudstack:2.1.1:::::::*
cpe:2.3:a:apache:cloudstack:2.1.7:::::::*
cpe:2.3:a:apache:cloudstack:2.2.3:::::::*
cpe:2.3:a:apache:cloudstack:2.1.4:::::::*

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html
2	http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html
3	http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html
4	http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html
5	http://osvdb.org/96074
6	http://osvdb.org/96074
7	http://osvdb.org/96075
8	http://osvdb.org/96075
9	http://osvdb.org/96076
10	http://osvdb.org/96076
11	http://osvdb.org/96077
12	http://osvdb.org/96077
13	http://osvdb.org/96078
14	http://osvdb.org/96078
15	http://secunia.com/advisories/54399	Vendor Advisory
16	http://secunia.com/advisories/54399	Vendor Advisory
17	http://www.securityfocus.com/bid/61638
18	http://www.securityfocus.com/bid/61638
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/86258
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/86258
21	https://issues.apache.org/jira/browse/CLOUDSTACK-2936
22	https://issues.apache.org/jira/browse/CLOUDSTACK-2936

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:cloudstack:2.2.7:::::::*
cpe:2.3:a:apache:cloudstack:2.1.6:::::::*
cpe:2.3:a:apache:cloudstack:2.2.14:::::::*
cpe:2.3:a:apache:cloudstack:2.2.0:::::::*
cpe:2.3:a:apache:cloudstack:2.2.12:::::::*
cpe:2.3:a:apache:cloudstack:2.2.6:::::::*
cpe:2.3:a:apache:cloudstack:2.2.9:::::::*
cpe:2.3:a:apache:cloudstack:2.1.8:::::::*
cpe:2.3:a:apache:cloudstack:2.1.2:::::::*
cpe:2.3:a:apache:cloudstack:2.0:-:community:::::*
cpe:2.3:a:apache:cloudstack:2.2.5:::::::*
cpe:2.3:a:apache:cloudstack:2.2.11:::::::*
cpe:2.3:a:apache:cloudstack:2.1.0:::::::*
cpe:2.3:a:apache:cloudstack:2.1.3:::::::*
cpe:2.3:a:apache:cloudstack:2.2.2:::::::*
cpe:2.3:a:apache:cloudstack:2.1.5:::::::*
cpe:2.3:a:apache:cloudstack:2.2.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.2:::::::*
cpe:2.3:a:apache:cloudstack:2.2.13:::::::*
cpe:2.3:a:apache:cloudstack:2.0.1:::::::*
cpe:2.3:a:apache:cloudstack:2.1.9:::::::*
cpe:2.3:a:apache:cloudstack:4.0.2:::::::*
cpe:2.3:a:apache:cloudstack:4.0.1:::::::*
cpe:2.3:a:apache:cloudstack:3.0.0:::::::*
cpe:2.3:a:apache:cloudstack:2.1.10:::::::*
cpe:2.3:a:apache:cloudstack:2.2.8:::::::*
cpe:2.3:a:apache:cloudstack::::::::		4.1.0
cpe:2.3:a:apache:cloudstack:4.0.0:incubating::::::
cpe:2.3:a:apache:cloudstack:2.1.1:::::::*
cpe:2.3:a:apache:cloudstack:2.1.7:::::::*
cpe:2.3:a:apache:cloudstack:2.2.3:::::::*
cpe:2.3:a:apache:cloudstack:2.1.4:::::::*