CVE-2010-3273
Published 2011-02-17
CVE-2010-3273: ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user…
Priority P431 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 3.33% (87.1th percentile)
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_adselfservice_plus | <= 4.4 | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-6c5v-7rg2-fmv9: ZOHO ManageEngine ADSelfService Plus before 4
ghsa_unreviewed·2022-05-14
CVE-2010-3273 [MEDIUM] CWE-20 GHSA-6c5v-7rg2-fmv9: ZOHO ManageEngine ADSelfService Plus before 4
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
Red Hat
JBossEAP status servlet info leak
vendor_redhat·2010-04-26·CVSS 5.0
CVE-2010-1429 [MEDIUM] JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm ASCII"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006465; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm SELECT"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006461; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UNION SELECT"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006462; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name E
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm DELETE"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006464; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UPDATE"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006466; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_
Suricata
ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3273 [HIGH] ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm INSERT"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3273; reference:url,www.securityfocus.com/bid/24498; classtype:web-application-attack; sid:2006463; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public
Nuclei
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
nuclei·CVSS 5.0
CVE-2010-1429 [MEDIUM] Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Template:

```yaml
id: CVE-2010-1429
info:
  name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
  author: R12W4N
  severity: medium
  description: |
    Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain
```
References
- http://secunia.com/advisories/43241
- http://securityreason.com/securityalert/8089
- http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
- http://www.osvdb.org/70869
- http://www.securityfocus.com/archive/1/516396/100/0/threaded
- http://www.securityfocus.com/bid/46331
- http://www.vupen.com/english/advisories/2011/0392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65348
Published: 2011-02-17