CNVD-2017-32219

Vulnerability from cnvd - Published: 2017-11-01
VLAI Severity ?
Title
多款WSO2产品Management Console跨站脚本漏洞
Description
WSO2 Application Server等都是美国WSO2公司的产品。WSO2 Application Server是一套基于云的应用服务器软件。WSO2 Business Process Server是一套业务流程服务器软件。Management Console是其中的一个管理控制台程序。 多款WSO2产品中的Management Console存在跨站脚本漏洞。远程攻击者可利用该漏洞将用户重定向到恶意的网站,更改Web页面的UI或从浏览器中检索信息。
Severity
Patch Name
多款WSO2产品Management Console跨站脚本漏洞的补丁
Patch Description
WSO2 Application Server等都是美国WSO2公司的产品。WSO2 Application Server是一套基于云的应用服务器软件。WSO2 Business Process Server是一套业务流程服务器软件。Management Console是其中的一个管理控制台程序。 多款WSO2产品中的Management Console存在跨站脚本漏洞。远程攻击者可利用该漏洞将用户重定向到恶意的网站,更改Web页面的UI或从浏览器中检索信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257

Reference
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257
Impacted products
Name
['WSO2 Application Server 5.3.0', 'WSO2 Business Process Server 3.6.0', 'WSO2 Business Rules Server 2.2.0', 'WSO2 Complex Event Processor 4.2.0', 'WSO2 Dashboard Server 2.0.0', 'WSO2 Data Analytics Server 3.1.0', 'WSO2 Data Services Server 3.5.1', 'WSO2 Machine Learner 1.2.0']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14995"
    }
  },
  "description": "WSO2 Application Server\u7b49\u90fd\u662f\u7f8e\u56fdWSO2\u516c\u53f8\u7684\u4ea7\u54c1\u3002WSO2 Application Server\u662f\u4e00\u5957\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u670d\u52a1\u5668\u8f6f\u4ef6\u3002WSO2 Business Process Server\u662f\u4e00\u5957\u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u5668\u8f6f\u4ef6\u3002Management Console\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7ba1\u7406\u63a7\u5236\u53f0\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eWSO2\u4ea7\u54c1\u4e2d\u7684Management Console\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7684\u7f51\u7ad9\uff0c\u66f4\u6539Web\u9875\u9762\u7684UI\u6216\u4ece\u6d4f\u89c8\u5668\u4e2d\u68c0\u7d22\u4fe1\u606f\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32219",
  "openTime": "2017-11-01",
  "patchDescription": "WSO2 Application Server\u7b49\u90fd\u662f\u7f8e\u56fdWSO2\u516c\u53f8\u7684\u4ea7\u54c1\u3002WSO2 Application Server\u662f\u4e00\u5957\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u670d\u52a1\u5668\u8f6f\u4ef6\u3002WSO2 Business Process Server\u662f\u4e00\u5957\u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u5668\u8f6f\u4ef6\u3002Management Console\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7ba1\u7406\u63a7\u5236\u53f0\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eWSO2\u4ea7\u54c1\u4e2d\u7684Management Console\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7684\u7f51\u7ad9\uff0c\u66f4\u6539Web\u9875\u9762\u7684UI\u6216\u4ece\u6d4f\u89c8\u5668\u4e2d\u68c0\u7d22\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eWSO2\u4ea7\u54c1Management Console\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "WSO2  Application Server 5.3.0",
      "WSO2  Business Process Server 3.6.0",
      "WSO2  Business Rules Server 2.2.0",
      "WSO2  Complex Event Processor 4.2.0",
      "WSO2  Dashboard Server 2.0.0",
      "WSO2  Data Analytics Server 3.1.0",
      "WSO2  Data Services Server 3.5.1",
      "WSO2  Machine Learner 1.2.0"
    ]
  },
  "referenceLink": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-31",
  "title": "\u591a\u6b3eWSO2\u4ea7\u54c1Management Console\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.