CVE-2007-3012 - Information Disclosure vulnerability in Fujitsu PRIMERGY BX300 Blade Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/57500/fujitsu-primergy-disclose.txt |
id | PACKETSTORM:57500 |
last seen | 2016-12-05 |
published | 2007-07-07 |
reporter | redteam-pentesting.de |
source | https://packetstormsecurity.com/files/57500/fujitsu-primergy-disclose.txt.html |
title | fujitsu-primergy-disclose.txt |
Seebug
bulletinFamily | exploit |
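description | BUGTRAQ ID: 24761 CVE(CAN) ID: CVE-2007-3012 The PRIMERGY BX300 is a blade server well suited to compute-intensive applications. The PRIMERGY BX300 web interface has a vulnerability in how it handles access authentication; a remote attacker may exploit it to obtain sensitive information about the server. The PRIMERGY BX300 web interface is accessible over HTTP and by default requests HTTP Auth authentication. If the authentication dialog is canceled in the browser, a blank page is displayed, and the page's HTML code leaks hyperlinks to sub-pages of the web interface. If these links are accessed directly in the browser, the authentication dialog appears again, but after clicking "Cancel" the page and the data in its form fields are still displayed. In other words, an attacker can bypass the web interface's authentication and access information in the management interface. Fujitsu PRIMERGY BX300 Workaround: * Block untrusted users from accessing the PRIMERGY BX300 web interface. Vendor patch: Fujitsu: The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's homepage for the latest version: http://www.fujitsu.com/global/services/computing/server/ia/bladeserver/ |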
id | SSV:1969 |
last seen | 2017-11-19 |
modified | 2007-07-05 |
published | 2007-07-05 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-1969 |
title | Fujitsu PRIMERGY BX300 Blade Server Information Disclosure Vulnerability |
References
- http://osvdb.org/37837
- http://secunia.com/advisories/25943
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-003.php
- http://www.securityfocus.com/archive/1/472803/100/0/threaded
- http://www.securityfocus.com/bid/24761
- http://www.vupen.com/english/advisories/2007/2442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35264