CVE-2015-9287

{"id": "CVE-2015-9287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-13T16:29:00.350", "references": [{"url": "https://doi.org/10.1007/978-3-030-03251-7_1", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/grymer/CVE", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://doi.org/10.1007/978-3-030-03251-7_1", "tags": ["Permissions Required", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/grymer/CVE", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field (\"kid\") of the IdP's HTTP response message (\"WLS-Response\") can be manipulated by an attacker. The \"kid\" field is not signed like the rest of the message, and manipulation is therefore trivial. The \"kid\" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location."}, {"lang": "es", "value": "Fue encontrada una vulnerabilidad de Salto de Directorio (Directory Traversal) en University of Cambridge mod_ucam_webauth before 2.0.2. Un atacante puede manipular el campo de identificaci\u00f3n de clave (\"Kid\") del mensaje de respuesta HTTP del IdP (\"WLS-Response\"). El campo \"Kid\" no est\u00e1 firmado como el resto del mensaje y, por lo tanto, la manipulaci\u00f3n es trivial. El campo \"Kid\" solo debe representar un n\u00famero entero. Sin embargo, es posible suministrar cualquier valor de cadena. Un atacante podr\u00eda usar esto para su ventaja para forzar al agente de la aplicaci\u00f3n a cargar la clave p\u00fablica RSA requerida para verificar la integridad del mensaje desde una ubicaci\u00f3n no deseada."}], "lastModified": "2024-11-21T02:40:15.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cam:the_university_of_cambridge_web_authentication_system_apache_authentication_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6D52381-2AFB-4AD5-B7D9-F4AA10F60C50", "versionEndExcluding": "2.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}