CVE-2019-3723
Published 2019-06-06
Priority: P358 | Severity: critical | CVSS 3.0: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.85% (76.4th percentile)
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_openmanage_server_administrator | — | — |
| dell | emc_openmanage_server_administrator | — | — |
| dell | emc_openmanage_server_administrator | — | — |
| dell | emc_openmanage_server_administrator | — | — |
| dell | emc_openmanage_server_administrator | — | — |
| dell | emc_openmanage_server_administrator | — | — |
| dell_emc | openmanage_server_administrator | >= 9.1.0.3 < 9.1.0.3 | 9.1.0.3 |
| dell_emc | openmanage_server_administrator | >= 9.3.0.4 < 9.3.0.4 | 9.3.0.4 |
CVSS provenance
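| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |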
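The Suricata rules indexed on this page reference CVE-2001-0876 and Bugtraq ID 3723 and match UPnP traffic on UDP port 1900; neither rule references CVE-2019-3723.
Suricata: GPL MISC UPnP Location overflow (suricata, 2010-09-23, CVE-2001-0876)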
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 1900 (msg:"GPL MISC UPnP Location overflow"; content:"Location|3A|"; nocase; isdataat:128,relative; pcre:"/^Location\x3a[^\n]{128}/smi"; reference:bugtraq,3723; reference:cve,2001-0876; classtype:misc-attack; sid:2101388; rev:14; metadata:created_at 2010_09_23, cve CVE_2001_0876, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata: GPL MISC UPnP malformed advertisement (suricata, 2010-09-23, CVE-2001-0876)
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 1900 (msg:"GPL MISC UPnP malformed advertisement"; content:"NOTIFY * "; nocase; reference:bugtraq,3723; reference:cve,2001-0876; reference:cve,2001-0877; reference:url,www.microsoft.com/technet/security/bulletin/MS01-059.mspx; classtype:misc-attack; sid:2101384; rev:9; metadata:created_at 2010_09_23, cve CVE_2001_0876, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
No public exploits indexed.
http://www.securityfocus.com/bid/108685
https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en