製品・ソフトウェアに関する情報

JVN脆弱性詳細

HP Integrated Lights-Out 2 のサーバにおけるサービス運用妨害 (DoS) の脆弱性

Title	HP Integrated Lights-Out 2 のサーバにおけるサービス運用妨害 (DoS) の脆弱性
Summary	HP Integrated Lights-Out 2 (別名 iLO 2) のサーバには、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された HTTPS トラフィックを介して、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 24, 2014, midnight
Registration Date	April 28, 2014, 5:06 p.m.
Last Update	May 19, 2014, 6:29 p.m.

Affected System

ヒューレット・パッカード

HP Integrated Lights-Out 2 ファームウェア 2.23 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-2601	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2601
National Vulnerability Database (NVD)
2	CVE-2014-2601	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2601

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Customer Notice
1	HP Integrated Lights-Out and Integrated Lights-Out 2 - Scanning First-Generation iLO or iLO 2 Devices for the Heartbleed Vulnerability Results in iLO Lockup Requiring Power to be PHYSICALLY Removed	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04249852
HP Security Bulletin
2	HPSBHF03006 SSRT101509	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04244787

Change Log

No	Changed Details	Date of change
0	[2014年04月28日] 掲載 [2014年05月19日] ベンダ情報：ヒューレット・パッカード (HP Integrated Lights-Out and Integrated Lights-Out 2 - Scanning First-Generation iLO or iLO 2 Devices for the Heartbleed Vulnerability Results in iLO Lockup Requiring Power to be PHYSICALLY Removed) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-2601

Summary	The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
Publication Date	April 25, 2014, 8:55 a.m.
Registration Date	Jan. 26, 2021, 3:09 p.m.
Last Update	Nov. 21, 2024, 11:06 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.12:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware::::::::		2.23
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.20:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.10:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.00:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.22:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.75:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.30:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.20:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.70:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.15:::::::*

Related information, measures and tools

No	URL	タグ
1	http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1
2	http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1
3	http://www.securitytracker.com/id/1030148
4	http://www.securitytracker.com/id/1030148
5	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787	Patch Vendor Advisory
6	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787	Patch Vendor Advisory
7	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787	Patch Vendor Advisory
8	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787	Patch Vendor Advisory
9	https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017/
10	https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017/

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.12:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware::::::::		2.23
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.20:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.10:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.00:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.22:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.75:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.30:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.20:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.70:::::::*
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.15:::::::*