Информационная безопасность
[RU] switch to English


Утечка информации в EMC Cloud Tiering Appliance
Опубликовано:4 мая 2014 г.
Источник:
SecurityVulns ID:13722
Тип:удаленная
Уровень опасности:
6/10
Описание:Утечка информации через XML External Entity.
Затронутые продукты:EMC : Cloud Tiering Appliance 10
CVE:CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.)
 CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.)
Оригинальный текстdocumentEMC, ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities (04.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород