CVE-2016-5306

{"id": "CVE-2016-5306", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2016-06-30T23:59:17.950", "references": [{"url": "http://www.securityfocus.com/bid/91449", "source": "secure@symantec.com"}, {"url": "http://www.securitytracker.com/id/1036196", "source": "secure@symantec.com"}, {"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445."}, {"lang": "es", "value": "Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 no implementa adecuadamente el mecanismo de protecci\u00f3n HSTS, lo que facilita a atacantes remotos obtener informaci\u00f3n sensible rastreando la red para tr\u00e1fico HTTP no destinado en puerto 8445."}], "lastModified": "2017-09-01T01:29:28.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:*:mp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE7769D-5CED-4365-93F3-0D4320470943", "versionEndIncluding": "12.1.6"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}