NVD Vulnerability Detail

CVE-2012-2223

Summary	The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
Publication Date	April 11, 2012, 7:39 p.m.
Registration Date	Jan. 28, 2021, 2:57 p.m.
Last Update	Nov. 21, 2024, 10:38 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.2:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.novell.com/support/viewContent.do?externalId=7008244
2	http://www.novell.com/support/viewContent.do?externalId=7008244
3	http://www.novell.com/support/viewContent.do?externalId=7010044
4	http://www.novell.com/support/viewContent.do?externalId=7010044
5	http://www.novell.com/support/viewContent.do?externalId=7010137	Vendor Advisory
6	http://www.novell.com/support/viewContent.do?externalId=7010137	Vendor Advisory
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/74818
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/74818

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

Novell ZENworks Configuration Management におけるクロスサイトトレーシング攻撃を誘発される脆弱性

Title	Novell ZENworks Configuration Management におけるクロスサイトトレーシング攻撃を誘発される脆弱性
Summary	Novell ZENworks Configuration Management (ZCM) の xplat エージェントは、HTTP TRACE メソッドを有効にすることで、クロスサイトトレーシング (XST) 攻撃を容易に誘発される脆弱性が存在します。
Possible impacts	第三者により、クロスサイトトレーシング (XST) 攻撃を容易に誘発される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 8, 2012, midnight
Registration Date	April 12, 2012, 4:53 p.m.
Last Update	April 12, 2012, 4:53 p.m.

Affected System

Novell

Novell ZENworks Configuration Management 10.3.4 未満の 10.3.x

Novell ZENworks Configuration Management 11.2 未満の 11.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2223	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2223
National Vulnerability Database (NVD)
2	CVE-2012-2223	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2223

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Novell
1	Security Vulnerability on the xplat agent (7010137)	http://www.novell.com/support/viewContent.do?externalId=7010137
2	ZENworks Configuration Management 10.3.4 - update information and list of fixes (7008244)	http://www.novell.com/support/viewContent.do?externalId=7008244
3	ZENworks Configuration Management 11.2 - update information and list of fixes (7010044)	http://www.novell.com/support/viewContent.do?externalId=7010044

Change Log

No	Changed Details	Date of change
0	[2012年04月12日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.2:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:10.3.3:::::::*