CERTA-2004-AVI-094
Vulnerability from certfr_avis
None
Description
Une vulnérabilité est présente dans les « services web » basés sur SOAP (Simple Object Access Protocol) ayant un tableau d'objets en argument.
Un utilisateur mal intentionné peut réaliser, via une requête SOAP malicieusement construite, un déni de service sur le serveur SOAP vulnérable.
Solution
Appliquer le correctif correspondant à votre système (cf. section documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | N/A | Macromedia JRun 4.0 ; | ||
| Adobe | ColdFusion | Macromedia ColdFusion/MX versions 6.0 et 6.1 J2EE ; | ||
| Adobe | N/A | Sun Java System Application Server 7 Update 2 et versions antérieures. | ||
| Adobe | ColdFusion | Macromedia ColdFusion/MX versions 6.0 et 6.1 ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Macromedia JRun 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Macromedia ColdFusion/MX versions 6.0 et 6.1 J2EE ;",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Sun Java System Application Server 7 Update 2 et versions ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Macromedia ColdFusion/MX versions 6.0 et 6.1 ;",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans les \u00ab services web \u00bb bas\u00e9s sur SOAP\n(Simple Object Access Protocol) ayant un tableau d\u0027objets en argument.\n\nUn utilisateur mal intentionn\u00e9 peut r\u00e9aliser, via une requ\u00eate SOAP\nmalicieusement construite, un d\u00e9ni de service sur le serveur SOAP\nvuln\u00e9rable.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 votre syst\u00e8me (cf. section\ndocumentation).\n",
"cves": [],
"initial_release_date": "2004-03-18T00:00:00",
"last_revision_date": "2004-03-18T00:00:00",
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 57517 de Sun :",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517"
},
{
"title": "Avis de s\u00e9curit\u00e9 MPSB04-04 de Macromedia :",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html"
}
],
"reference": "CERTA-2004-AVI-094",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-03-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 sur plusieurs serveurs SOAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Macromedia",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…