複数の Micro Focus 製品の管理サーバにおける任意のファイルを読まれる脆弱性
| Title |
複数の Micro Focus 製品の管理サーバにおける任意のファイルを読まれる脆弱性
|
| Summary |
Micro Focus Host Access Management and Security Server (MSS)、Reflection for the Web (RWeb)、Reflection Security Gateway (RSG) および Reflection ZFE (ZFE) の管理サーバには、任意のファイルを読まれる脆弱性が存在します。
|
| Possible impacts |
リモート認証された攻撃者により、制限されたディレクトリトラバーサルを許可する特別に細工された URL を介して、任意のファイルを読まれる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Nov. 28, 2016, midnight |
| Registration Date |
Dec. 1, 2016, 2:03 p.m. |
| Last Update |
Dec. 1, 2016, 2:03 p.m. |
|
CVSS3.0 : 警告
|
| Score |
6.5
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
4.3
|
| Vector |
AV:N/AC:M/Au:N/C:P/I:N/A:N |
Affected System
| マイクロフォーカス株式会社 |
|
Host Access Management and Security Server 12.2 build 342 未満の 12.2
|
|
Host Access Management and Security Server 12.3 build 326 未満の 12.3
|
|
Reflection for the Web 12.2 build 342 未満の 12.2
|
|
Reflection for the Web 12.3 build 312 未満の 12.3
|
|
Reflection for the Web 2014 R2 12.1 build 362 未満の 12.1
|
|
Reflection Security Gateway 2014 R2 12.1 build 362 未満の 12.1
|
|
Reflection ZFE 1.4.0.14 未満の 1.4.0
|
|
Reflection ZFE 2.0.0.52 未満の 2.0.0
|
|
Reflection ZFE 2.0.1.18 未満の 2.0.1
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2016年12月01日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2016-5765
| Summary |
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.
|
| Publication Date |
Nov. 29, 2016, 8:59 p.m. |
| Registration Date |
Jan. 26, 2021, 2:14 p.m. |
| Last Update |
Nov. 21, 2024, 11:54 a.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:microfocus:host_access_management_and_security_server:12.3:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_zfe:2.0.0.52:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:host_access_management_and_security_server:12.2:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_for_the_web:12.3:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_for_the_web:12.1:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_for_the_web:12.2:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_zfe:1.4.0.14:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_zfe:2.0.1.18:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:microfocus:reflection_security_gateway:12.1:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List