ID
VAR-201505-0189
CVE
CVE-2015-0745
TITLE
Cisco Headend System Release Vulnerable to reading temporary script files
Trust: 0.8
sources:
JVNDB: JVNDB-2015-002868
DESCRIPTION
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. The Cisco Headend System Release is a front-end broadband digital transmission system. An attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. This issue is being tracked by Cisco bug ID CSCus44909
Trust: 2.52
sources:
NVD: CVE-2015-0745 //
JVNDB: JVNDB-2015-002868 //
CNVD: CNVD-2015-03565 //
BID: 74920 //
VULHUB: VHN-78691
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-03565
AFFECTED PRODUCTS
| vendor: | cisco | model: | headend system release | scope: | eq | version: | 2.5 | Trust: 3.0 |
| vendor: | cisco | model: | headend system release | scope: | eq | version: | 2.7 | Trust: 3.0 |
| vendor: | cisco | model: | headend system release | scope: | eq | version: | 3.2 | Trust: 3.0 |
| vendor: | cisco | model: | headend system release | scope: | eq | version: | 3.5 | Trust: 3.0 |
| vendor: | cisco | model: | headend system release | scope: | eq | version: | 3.7 | Trust: 2.4 |
| vendor: | cisco | model: | headend system release | scope: | eq | version: | i4.3 | Trust: 2.4 |
| vendor: | cisco | model: | headend digital broadband delivery system | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | headend digital broadband delivery system | scope: | - | version: | - | Trust: 1.4 |
| vendor: | cisco | model: | headend system release 3.7.i4.3 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | headend system release i4.3 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | headend system releases | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-03565 //
BID: 74920 //
JVNDB: JVNDB-2015-002868 //
CNNVD: CNNVD-201505-597 //
NVD: CVE-2015-0745
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-03565 //
VULHUB: VHN-78691 //
JVNDB: JVNDB-2015-002868 //
CNNVD: CNNVD-201505-597 //
NVD: CVE-2015-0745
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
sources:
VULHUB: VHN-78691 //
JVNDB: JVNDB-2015-002868 //
NVD: CVE-2015-0745
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201505-597
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-201505-597
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-002868
PATCH
| title: | 38944 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=38944 | Trust: 0.8 |
| title: | Patch for Cisco Headend System Release Sensitive Information Disclosure Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/59268 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-03565 //
JVNDB: JVNDB-2015-002868
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-0745 | Trust: 3.4 |
| db: | SECTRACK | id: | 1032445 | Trust: 1.1 |
| db: | BID | id: | 74920 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2015-002868 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201505-597 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-03565 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-78691 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-03565 //
VULHUB: VHN-78691 //
BID: 74920 //
JVNDB: JVNDB-2015-002868 //
CNNVD: CNNVD-201505-597 //
NVD: CVE-2015-0745
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=38944 | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1032445 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0745 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0745 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2015-03565 //
VULHUB: VHN-78691 //
BID: 74920 //
JVNDB: JVNDB-2015-002868 //
CNNVD: CNNVD-201505-597 //
NVD: CVE-2015-0745
CREDITS
Cisco
Trust: 0.3
sources:
BID: 74920
SOURCES
| db: | CNVD | id: | CNVD-2015-03565 |
| db: | VULHUB | id: | VHN-78691 |
| db: | BID | id: | 74920 |
| db: | JVNDB | id: | JVNDB-2015-002868 |
| db: | CNNVD | id: | CNNVD-201505-597 |
| db: | NVD | id: | CVE-2015-0745 |
LAST UPDATE DATE
2025-04-13T23:09:54.533000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-03565 | date: | 2015-06-04T00:00:00 |
| db: | VULHUB | id: | VHN-78691 | date: | 2017-01-04T00:00:00 |
| db: | BID | id: | 74920 | date: | 2015-05-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-002868 | date: | 2015-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201505-597 | date: | 2015-06-05T00:00:00 |
| db: | NVD | id: | CVE-2015-0745 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-03565 | date: | 2015-06-04T00:00:00 |
| db: | VULHUB | id: | VHN-78691 | date: | 2015-05-30T00:00:00 |
| db: | BID | id: | 74920 | date: | 2015-05-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-002868 | date: | 2015-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201505-597 | date: | 2015-05-30T00:00:00 |
| db: | NVD | id: | CVE-2015-0745 | date: | 2015-05-30T14:59:03.833 |