jvndb-2017-001053
Vulnerability from jvndb
Published
2017-01-23 17:57
Modified
2018-02-28 11:35
Severity ?
5.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE
Details
GigaCC OFFICE provided by WAM!NET Japan K.K. contains mis-configuration of Apache Velocity template engine which is used to send emails. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership. Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd. Masaki Yoshikawa of Recruit Technologies Co.,Ltd.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-001053.html",
  "dc:date": "2018-02-28T11:35+09:00",
  "dcterms:issued": "2017-01-23T17:57+09:00",
  "dcterms:modified": "2018-02-28T11:35+09:00",
  "description": "GigaCC OFFICE provided by WAM!NET Japan K.K. contains mis-configuration of Apache Velocity template engine which is used to send emails.\r\n\r\nWAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.\r\n\r\nDongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.\r\nMasaki Yoshikawa of Recruit Technologies Co.,Ltd.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-001053.html",
  "sec:cpe": {
    "#text": "cpe:/a:gigaccsecure:gigacc_office",
    "@product": "GigaCC OFFICE",
    "@vendor": "WAM!NET Japan K.K.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-001053",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU91417143",
      "@id": "JVNVU#91417143",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7844",
      "@id": "CVE-2016-7844",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7844",
      "@id": "CVE-2016-7844",
      "@source": "NVD"
    }
  ],
  "title": "Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.