CWE-12
AllowedASP.NET Misconfiguration: Missing Custom Error Page
Abstraction: Variant · Status: Draft
An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
3 vulnerabilities reference this CWE, most recent first.
CVE-2020-6994 (GCVE-0-2020-6994)
Vulnerability from cvelistv5 – Published: 2020-04-03 18:04 – Updated: 2024-08-04 09:18- CWE-12 - BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-12
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-091-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Hirschmann Automation and Control GmbH, a division of Belden Inc. | HiOS for the following devices RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED |
Affected:
07.0.02 and lower
|
|
| Hirschmann Automation and Control GmbH, a division of Belden Inc. | HiSecOS for device EAGLE20/30 |
Affected:
03.2.00 and lower
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiOS for the following devices RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED",
"vendor": "Hirschmann Automation and Control GmbH, a division of Belden Inc.",
"versions": [
{
"status": "affected",
"version": "07.0.02 and lower"
}
]
},
{
"product": "HiSecOS for device EAGLE20/30",
"vendor": "Hirschmann Automation and Control GmbH, a division of Belden Inc.",
"versions": [
{
"status": "affected",
"version": "03.2.00 and lower"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-12",
"description": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-12",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T18:04:59.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-6994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiOS for the following devices RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED",
"version": {
"version_data": [
{
"version_value": "07.0.02 and lower"
}
]
}
},
{
"product_name": "HiSecOS for device EAGLE20/30",
"version": {
"version_data": [
{
"version_value": "03.2.00 and lower"
}
]
}
}
]
},
"vendor_name": "Hirschmann Automation and Control GmbH, a division of Belden Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (\u0027CLASSIC BUFFER OVERFLOW\u0027) CWE-12"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-091-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-091-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-6994",
"datePublished": "2020-04-03T18:04:59.000Z",
"dateReserved": "2020-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:02.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-5VQ5-PG3R-9PH3
Vulnerability from github – Published: 2021-06-10 17:22 – Updated: 2024-11-19 18:25Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references.
Original Description
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Zope"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Zope"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"fixed": "5.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-12",
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-09T21:32:39Z",
"nvd_published_at": "2021-06-08T18:15:00Z",
"severity": "HIGH"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references.\n\n## Original Description\nZope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the \u0027os\u0027 module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.",
"id": "GHSA-5vq5-pg3r-9ph3",
"modified": "2024-11-19T18:25:36Z",
"published": "2021-06-10T17:22:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
},
{
"type": "WEB",
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32674"
},
{
"type": "WEB",
"url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
},
{
"type": "PACKAGE",
"url": "https://github.com/zopefoundation/Zope"
},
{
"type": "WEB",
"url": "https://pypi.org/project/Zope"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Path Traversal in Zope",
"withdrawn": "2024-11-19T18:25:36Z"
}
GHSA-QH9Q-34H6-HCV9
Vulnerability from github – Published: 2021-10-12 18:48 – Updated: 2024-10-01 19:21The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mkdocs"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.2"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.2.2"
]
}
],
"aliases": [
"CVE-2021-40978"
],
"database_specific": {
"cwe_ids": [
"CWE-12",
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-08T21:41:01Z",
"nvd_published_at": "2021-10-07T14:15:00Z",
"severity": "HIGH"
},
"details": "The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.",
"id": "GHSA-qh9q-34h6-hcv9",
"modified": "2024-10-01T19:21:31Z",
"published": "2021-10-12T18:48:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40978"
},
{
"type": "WEB",
"url": "https://github.com/mkdocs/mkdocs/issues/2601"
},
{
"type": "WEB",
"url": "https://github.com/nisdn/CVE-2021-40978/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/mkdocs/mkdocs/pull/2604"
},
{
"type": "WEB",
"url": "https://github.com/mkdocs/mkdocs/commit/1b15412f4caae476c262210315fd068d0521a833"
},
{
"type": "WEB",
"url": "https://github.com/mkdocs/mkdocs/commit/57540911a0d632674dd23edec765189f96f84f6b"
},
{
"type": "PACKAGE",
"url": "https://github.com/mkdocs/mkdocs"
},
{
"type": "WEB",
"url": "https://github.com/mkdocs/mkdocs/releases/tag/1.2.3"
},
{
"type": "WEB",
"url": "https://github.com/nisdn/CVE-2021-40978"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mkdocs/PYSEC-2021-878.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Directory traversal in mkdocs"
}
Mitigation
Handle exceptions appropriately in source code. ASP .NET applications should be configured to use custom error pages instead of the framework default page.
Mitigation
Do not attempt to process an error or attempt to mask it.
Mitigation
Verify return values are correct and do not supply sensitive information about the system.
No CAPEC attack patterns related to this CWE.