Details of VAR-201002-0067

ID

VAR-201002-0067

CVE

CVE-2010-0144

TITLE

Cisco IronPort Encryption Appliance Etc. WebSafe DistributorServlet Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2010-003779

DESCRIPTION

Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922

Trust: 1.71

sources: NVD: CVE-2010-0144 // JVNDB: JVNDB-2010-003779 // VULHUB: VH-CVE-2010-0144

AFFECTED PRODUCTS

vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2.2	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.5	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.1	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.0.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.6	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.6	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.4	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.5	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.3	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	lt	version:	6.2.9.1	Trust: 0.8

sources: NVD: CVE-2010-0144 // CNNVD: CNNVD-201002-109 // JVNDB: JVNDB-2010-003779

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-0144
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201002-109
value:	HIGH
Trust: 0.6
VUL-HUB:	VH-CVE-2010-0144
value:	HIGH RISK
Trust: 0.1

NVD:	CVE-2010-0144
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8
VULHUB:	VH-CVE-2010-0144
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: NVD: CVE-2010-0144 // CNNVD: CNNVD-201002-109 // JVNDB: JVNDB-2010-003779 // VULHUB: VH-CVE-2010-0144

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-0144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-109

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201002-109

CONFIGURATIONS

sources: NVD: CVE-2010-0144

PATCH

title:	Multiple Vulnerabilities in Cisco IronPort Encryption Appliance	url:	http://www.cisco.com/en/us/products/csa/cisco-sa-20100210-ironport.html	Trust: 0.8
title:	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in IronPort Encryption Appliance	url:	http://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20100210-ironport.html	Trust: 0.8
title:	cisco-sa-20100210-ironport	url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20100210-ironport	Trust: 0.8
title:	19880	url:	http://tools.cisco.com/security/center/viewalert.x?alertid=19880	Trust: 0.8
title:	cisco-sa-20100210-ironport	url:	http://www.cisco.com/cisco/web/support/jp/113/1136/1136140_cisco-sa-20100210-ironport-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2010-003779

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0144	Trust: 2.5
db:	SECUNIA	id:	38525	Trust: 1.0
db:	JVNDB	id:	JVNDB-2010-003779	Trust: 0.8
db:	CNNVD	id:	CNNVD-201002-109	Trust: 0.7
db:	CISCO	id:	20100210 MULTIPLE VULNERABILITIES IN CISCO IRONPORT ENCRYPTION APPLIANCE	Trust: 0.6
db:	VULHUB	id:	VH-CVE-2010-0144	Trust: 0.1

sources: NVD: CVE-2010-0144 // CNNVD: CNNVD-201002-109 // JVNDB: JVNDB-2010-003779 // VULHUB: VH-CVE-2010-0144

REFERENCES

url:	http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080b17904.html	Trust: 1.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080b17903.shtml	Trust: 1.6
url:	http://secunia.com/advisories/38525	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0144	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0144	Trust: 0.8

sources: NVD: CVE-2010-0144 // CNNVD: CNNVD-201002-109 // JVNDB: JVNDB-2010-003779

SOURCES

db:	NVD	id:	CVE-2010-0144
db:	CNNVD	id:	CNNVD-201002-109
db:	JVNDB	id:	JVNDB-2010-003779
db:	VULHUB	id:	VH-CVE-2010-0144

LAST UPDATE DATE

2021-12-18T05:43:58.290000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2010-0144	date:	2010-02-26T07:10:00
db:	CNNVD	id:	CNNVD-201002-109	date:	2010-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-003779	date:	2012-06-26T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0144	date:	2010-02-26T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2010-0144	date:	2010-02-11T17:30:00
db:	CNNVD	id:	CNNVD-201002-109	date:	2010-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2010-003779	date:	2012-06-26T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0144	date:	2010-02-11T00:00:00