Details of VAR-200910-0131

ID

VAR-200910-0131

CVE

CVE-2009-3646

TITLE

InterVations NaviCOPA Web Server In Web Vulnerability to get page source code

Trust: 0.8

sources: JVNDB: JVNDB-2009-005046

DESCRIPTION

InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. The CB Resume Builder ('com_cbresumebuilder') component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. Input passed via the "group_id" parameter to index.php (if "option" is set to "com_cbresumebuilder" and "task" is set to "group_member") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. ---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA33766 VERIFY ADVISORY: http://secunia.com/advisories/33766/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote SOFTWARE: NaviCOPA 3.x http://secunia.com/advisories/product/21322/ DESCRIPTION: e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 1) A boundary error in the processing of HTTP requests can be exploited to cause a heap-based buffer overflow via an overly long HTTP GET request. PHP scripts via specially crafted requests containing e.g. dot characters. The vulnerabilities are confirmed in version 3.01. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: e.wiZz! ORIGINAL ADVISORY: http://milw0rm.com/exploits/7966 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.15

sources: NVD: CVE-2009-3646 // JVNDB: JVNDB-2009-005046 // CNVD: CNVD-2009-0590 // BID: 79333 // BID: 33585 // BID: 36598 // PACKETSTORM: 81825 // PACKETSTORM: 74658

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2009-0590

AFFECTED PRODUCTS

vendor:	intervations	model:	navicopa web server	scope:	eq	version:	3.01	Trust: 3.0
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	joomlacache	model:	cb resume builder	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2009-0590 // BID: 79333 // BID: 33585 // BID: 36598 // JVNDB: JVNDB-2009-005046 // CNNVD: CNNVD-200910-168 // NVD: CVE-2009-3646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3646
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-3646
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2009-0590
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-200910-168
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2009-3646
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2009-0590
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2009-0590 // JVNDB: JVNDB-2009-005046 // CNNVD: CNNVD-200910-168 // NVD: CVE-2009-3646

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2009-005046 // NVD: CVE-2009-3646

THREAT TYPE

network

Trust: 0.9

sources: BID: 79333 // BID: 33585 // BID: 36598

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200910-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005046

PATCH

title:

Top Page

url:

http://www.navicopa.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005046

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3646	Trust: 2.7
db:	SECUNIA	id:	33766	Trust: 1.8
db:	EXPLOIT-DB	id:	9694	Trust: 1.3
db:	OSVDB	id:	58386	Trust: 1.0
db:	BID	id:	33585	Trust: 0.9
db:	BID	id:	36598	Trust: 0.9
db:	JVNDB	id:	JVNDB-2009-005046	Trust: 0.8
db:	SECUNIA	id:	36954	Trust: 0.7
db:	CNVD	id:	CNVD-2009-0590	Trust: 0.6
db:	CNNVD	id:	CNNVD-200910-168	Trust: 0.6
db:	XF	id:	53278	Trust: 0.3
db:	BID	id:	79333	Trust: 0.3
db:	PACKETSTORM	id:	81825	Trust: 0.1
db:	EXPLOIT-DB	id:	7966	Trust: 0.1
db:	PACKETSTORM	id:	74658	Trust: 0.1

sources: CNVD: CNVD-2009-0590 // BID: 79333 // BID: 33585 // BID: 36598 // JVNDB: JVNDB-2009-005046 // PACKETSTORM: 81825 // PACKETSTORM: 74658 // CNNVD: CNNVD-200910-168 // NVD: CVE-2009-3646

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/53278	Trust: 1.0
url:	http://www.osvdb.org/58386	Trust: 1.0
url:	http://www.exploit-db.com/exploits/9694	Trust: 1.0
url:	http://secunia.com/advisories/33766	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3646	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3646	Trust: 0.8
url:	http://secunia.com/advisories/33766/	Trust: 0.7
url:	http://www.securityfocus.com/bid/36598	Trust: 0.6
url:	http://secunia.com/advisories/36954	Trust: 0.6
url:	http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt	Trust: 0.6
url:	http://www.milw0rm.com/exploits/9694	Trust: 0.3
url:	http://xforce.iss.net/xforce/xfdb/53278	Trust: 0.3
url:	http://www.navicopa.com/	Trust: 0.3
url:	/archive/1/500626	Trust: 0.3
url:	http://www.joomlacache.com/	Trust: 0.3
url:	http://docs.joomla.org/vulnerable_extensions_list#new_format_feed_starts_here	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/36954/	Trust: 0.1
url:	http://secunia.com/advisories/product/21322/	Trust: 0.1
url:	http://milw0rm.com/exploits/7966	Trust: 0.1

CREDITS

Unknown

Trust: 0.3

sources: BID: 79333

SOURCES

db:	CNVD	id:	CNVD-2009-0590
db:	BID	id:	79333
db:	BID	id:	33585
db:	BID	id:	36598
db:	JVNDB	id:	JVNDB-2009-005046
db:	PACKETSTORM	id:	81825
db:	PACKETSTORM	id:	74658
db:	CNNVD	id:	CNNVD-200910-168
db:	NVD	id:	CVE-2009-3646

LAST UPDATE DATE

2025-04-10T23:05:04.556000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2009-0590	date:	2014-01-27T00:00:00
db:	BID	id:	79333	date:	2009-10-09T00:00:00
db:	BID	id:	33585	date:	2009-08-25T00:52:00
db:	BID	id:	36598	date:	2010-02-11T18:01:00
db:	JVNDB	id:	JVNDB-2009-005046	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200910-168	date:	2009-10-12T00:00:00
db:	NVD	id:	CVE-2009-3646	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2009-0590	date:	2009-02-03T00:00:00
db:	BID	id:	79333	date:	2009-10-09T00:00:00
db:	BID	id:	33585	date:	2009-02-03T00:00:00
db:	BID	id:	36598	date:	2009-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2009-005046	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	81825	date:	2009-10-06T15:00:18
db:	PACKETSTORM	id:	74658	date:	2009-02-04T15:44:25
db:	CNNVD	id:	CNNVD-200910-168	date:	2009-10-09T00:00:00
db:	NVD	id:	CVE-2009-3646	date:	2009-10-09T14:30:00.377