CERTA-2004-AVI-094

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité est présente dans les « services web » basés sur SOAP (Simple Object Access Protocol) ayant un tableau d'objets en argument.

Un utilisateur mal intentionné peut réaliser, via une requête SOAP malicieusement construite, un déni de service sur le serveur SOAP vulnérable.

Solution

Appliquer le correctif correspondant à votre système (cf. section documentation).

None
Impacted products
Vendor Product Description
Adobe N/A Macromedia JRun 4.0 ;
Adobe ColdFusion Macromedia ColdFusion/MX versions 6.0 et 6.1 J2EE ;
Adobe N/A Sun Java System Application Server 7 Update 2 et versions antérieures.
Adobe ColdFusion Macromedia ColdFusion/MX versions 6.0 et 6.1 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Macromedia JRun 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Macromedia ColdFusion/MX versions 6.0 et 6.1 J2EE ;",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Java System Application Server 7 Update 2 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Macromedia ColdFusion/MX versions 6.0 et 6.1 ;",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans les \u00ab services web \u00bb bas\u00e9s sur SOAP\n(Simple Object Access Protocol) ayant un tableau d\u0027objets en argument.\n\nUn utilisateur mal intentionn\u00e9 peut r\u00e9aliser, via une requ\u00eate SOAP\nmalicieusement construite, un d\u00e9ni de service sur le serveur SOAP\nvuln\u00e9rable.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 votre syst\u00e8me (cf. section\ndocumentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 57517 de Sun :",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 MPSB04-04 de Macromedia :",
      "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html"
    }
  ],
  "reference": "CERTA-2004-AVI-094",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 sur plusieurs serveurs SOAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Macromedia",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.