NVD Vulnerability Detail

CVE-2007-3022

Summary	Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
Publication Date	June 6, 2007, 6:30 a.m.
Registration Date	Jan. 29, 2021, 2:14 p.m.
Last Update	July 29, 2017, 10:31 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:client_security:3.1:::::::*
cpe:2.3:a:symantec:client_security:3.1.394:::::::*
cpe:2.3:a:symantec:client_security:3.1.396:::::::*
cpe:2.3:a:symantec:client_security:3.1.400:::::::*
cpe:2.3:a:symantec:client_security:3.1.401:::::::*
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
cpe:2.3:a:symantec:reporting_server::::::::		1.0.197.0

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/36108	OSVDB
2	http://secunia.com/advisories/25543	SECUNIA
3	http://www.securityfocus.com/bid/24312	BID
4	http://www.securitytracker.com/id?1018196	SECTRACK
5	http://www.symantec.com/avcenter/security/Content/2007.06.05.html	CONFIRM	Patch
6	http://www.vupen.com/english/advisories/2007/2074	VUPEN
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/34740	XF

Common Vulnerabilities List

JVN Vulnerability Information

Symantec Client Security および SAV CE などで使用される Symantec Reporting Server における総当たり攻撃を実行される脆弱性

Title	Symantec Client Security および SAV CE などで使用される Symantec Reporting Server における総当たり攻撃を実行される脆弱性
Summary	Symantec Client Security および Symantec AntiVirus Corporate Edition (SAV CE) などで使用される Symantec Reporting Server は、ユーザがログイン試行に失敗した後にパスワードハッシュを表示するため、総当たり攻撃 (brute-force attack) を実行される脆弱性が存在します。
Possible impacts	第三者により、総当たり攻撃 (brute-force attack) を実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 5, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

Affected System

シマンテック

client security 3.1 およびそれ以降

Norton AntiVirus Corporate Edition (SAV CE) 10.1 およびそれ以降

reporting server 1.0.197.0 および 1.0.224.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3022	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3022
National Vulnerability Database (NVD)
2	CVE-2007-3022	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3022

ベンダー情報

No	Name	URL
Symantec Corporation
1	SYM07-011	http://www.symantec.com/avcenter/security/Content/2007.06.05.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:client_security:3.1:::::::*
cpe:2.3:a:symantec:client_security:3.1.394:::::::*
cpe:2.3:a:symantec:client_security:3.1.396:::::::*
cpe:2.3:a:symantec:client_security:3.1.400:::::::*
cpe:2.3:a:symantec:client_security:3.1.401:::::::*
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
cpe:2.3:a:symantec:reporting_server::::::::		1.0.197.0