CVE-2010-1273

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/38759	Vendor Advisory
http://www.osvdb.org/62717
http://www.securityfocus.com/bid/38541
http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emweb:wt::::::::
	cpe:2.3:a:emweb:wt:1.1.4:::::::*
	cpe:2.3:a:emweb:wt:1.1.5:::::::*
	cpe:2.3:a:emweb:wt:1.1.6:::::::*
	cpe:2.3:a:emweb:wt:1.1.7:::::::*
	cpe:2.3:a:emweb:wt:2.0.0:::::::*
	cpe:2.3:a:emweb:wt:2.0.1:::::::*
	cpe:2.3:a:emweb:wt:2.0.4:::::::*
	cpe:2.3:a:emweb:wt:2.0.4a:::::::*
	cpe:2.3:a:emweb:wt:2.0.5:::::::*
	cpe:2.3:a:emweb:wt:2.1.0:::::::*
	cpe:2.3:a:emweb:wt:2.1.1:::::::*
	cpe:2.3:a:emweb:wt:2.1.2:::::::*
	cpe:2.3:a:emweb:wt:2.1.3:::::::*
	cpe:2.3:a:emweb:wt:2.1.4:::::::*
	cpe:2.3:a:emweb:wt:2.1.5:::::::*
	cpe:2.3:a:emweb:wt:2.2.0:::::::*
	cpe:2.3:a:emweb:wt:2.2.1:::::::*
	cpe:2.3:a:emweb:wt:2.2.2:::::::*
	cpe:2.3:a:emweb:wt:2.2.3:::::::*
	cpe:2.3:a:emweb:wt:2.99.0:::::::*
	cpe:2.3:a:emweb:wt:2.99.1:::::::*
	cpe:2.3:a:emweb:wt:2.99.2:::::::*
	cpe:2.3:a:emweb:wt:2.99.3:::::::*
	cpe:2.3:a:emweb:wt:2.99.4:::::::*
	cpe:2.3:a:emweb:wt:2.99.5:::::::*
	cpe:2.3:a:emweb:wt:3.0.0:::::::*

History

No history.

Information

Published : 2010-04-06 16:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-1273

Mitre link : CVE-2010-1273

CVE.ORG link : CVE-2010-1273

JSON object : View

Products Affected

emweb

wt

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-1273", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-04-06T16:30:00.813", "references": [{"url": "http://secunia.com/advisories/38759", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/62717", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38541", "source": "cve@mitre.org"}, {"url": "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors."}, {"lang": "es", "value": "Emweb Wt anterior a v3.1.1 no valida correctamente la codificaci\u00f3n UTF-8 de (1) los valores del formulario y (2) de los argumentos JSignal, lo que tiene un impacto y vectores remotos de ataque no especificados."}], "lastModified": "2010-06-07T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emweb:wt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F3C465D-B79A-4158-9228-ED4A6061032C", "versionEndIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:emweb:wt:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C873F145-6DE2-47B0-8DCB-CBD8786E3EE0"}, {"criteria": "cpe:2.3:a:emweb:wt:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6368A2B-2C1B-430D-9A93-03DD5A36ADAA"}, {"criteria": "cpe:2.3:a:emweb:wt:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A17F008-CEBC-4D48-B181-8531FF07454B"}, {"criteria": "cpe:2.3:a:emweb:wt:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC94BBDD-8B6A-4526-A377-7417FA1B4178"}, {"criteria": "cpe:2.3:a:emweb:wt:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2C8EA2-64FB-46ED-A7F4-1C1A28F78FC7"}, {"criteria": "cpe:2.3:a:emweb:wt:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A10C733-695D-42AC-A21D-2A9D7B829FD0"}, {"criteria": "cpe:2.3:a:emweb:wt:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64525B2B-E8B0-4D0D-93FF-D427C2109BFE"}, {"criteria": "cpe:2.3:a:emweb:wt:2.0.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7500DEA-1641-4DBD-AD1F-65C0FAE92BF0"}, {"criteria": "cpe:2.3:a:emweb:wt:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C2A4E0E-44CB-4F4C-BD15-91AA8CA1E3FF"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2914EEC6-BE5D-4185-92B8-5038546012A9"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9BEA216-4EA2-4966-9510-8350C1F78B8A"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F68E528D-4DD9-44CE-B48A-261AFB0B3889"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "375D5616-25C0-48F6-B69D-E6C455444E87"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2836A7B3-BE8D-4CB3-8FB1-75F84B3FA382"}, {"criteria": "cpe:2.3:a:emweb:wt:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E66E57-E107-477C-BE6E-5AEC6F4D2460"}, {"criteria": "cpe:2.3:a:emweb:wt:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B8BAFF-DEE7-45AB-B6B1-6963AD071786"}, {"criteria": "cpe:2.3:a:emweb:wt:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EDD50B-B914-45C5-AA84-F28ACAEBA980"}, {"criteria": "cpe:2.3:a:emweb:wt:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6D5D49-E1B8-4E28-A2C5-306695B59A76"}, {"criteria": "cpe:2.3:a:emweb:wt:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C751462-88ED-4C16-8874-06D3F9F39B42"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F728D62E-65D3-48C6-B0C9-09C1F4FDF730"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02DEDF2B-4E73-4434-98A1-2E7325CC5BE3"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A740FE3-D872-4F4B-9D7B-26CE2DFD415B"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855F5D67-A8B3-403D-91B4-55D8C6459FE1"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DA32D57-7163-4FAD-B416-BE8D0BFBA7A7"}, {"criteria": "cpe:2.3:a:emweb:wt:2.99.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DDD2D44-73D2-447F-ADE0-0B71F631DE21"}, {"criteria": "cpe:2.3:a:emweb:wt:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F24D93-83EB-4506-8BFE-350A6EF65369"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}