fkie_nvd - fkie_cve-2017-15883

fkie_cve-2017-15883

Vulnerability from fkie_nvd

Published

2018-01-08 19:29

Modified

2024-11-21 03:15

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

References

URL	Tags
cve@mitre.org	https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883	Vendor Advisory
cve@mitre.org	https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/	Third Party Advisory

Impacted products

Vendor	Product	Version
progress	sitefinity	5.1
progress	sitefinity	5.2
progress	sitefinity	5.3
progress	sitefinity	5.4
progress	sitefinity	6.0
progress	sitefinity	6.1
progress	sitefinity	6.2
progress	sitefinity	6.3
progress	sitefinity	7.0
progress	sitefinity	7.1
progress	sitefinity	7.2
progress	sitefinity	7.3
progress	sitefinity	8.0
progress	sitefinity	8.1
progress	sitefinity	8.2
progress	sitefinity	9.0
progress	sitefinity	9.1
progress	sitefinity	9.2
progress	sitefinity	10.0
progress	sitefinity	10.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7D51DC-4323-4688-909A-F7A91606AAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA4201A-5E74-4175-8CA7-14E1FF9C919F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1093AEA4-6171-4888-B459-4E556F795647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCC0A55-CB11-4E94-8E47-0A01190B3306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0898F18C-75C2-49E4-A0D5-7F8A621BCDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B5D7A1-55C3-4019-B987-3DFB0890A016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F90C068-F46A-404E-B8C0-61C66E3490E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC9C199-4B1D-475B-A230-382B79FF2E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5879E989-5FA5-4B7C-B408-D28BF9A6E475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A429147-D26F-4D00-82F8-0AB38787F058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3894214-0F21-4B1A-86B7-5C1C959CEBB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5703FDB2-89F3-4A4D-8CE1-DAB5410364C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9765DA21-E412-4531-8414-5E9909DD7C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A3612F-4F13-496F-BCB7-443B28F83757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B539481B-721D-4711-8547-549D6BF4EFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E118E651-D5EA-4A3C-95D3-ABE7A7A410F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F361531-8E0F-42AB-8ECF-541A201438E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C5BD02-D8AA-4525-BACA-B4C6C0563A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF7E946-EBF1-45A9-99C7-AF38E5845CE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:sitefinity:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "252F8F5C-C395-40F6-808C-F278EB21E5A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography."
    },
    {
      "lang": "es",
      "value": "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x y 10.x permite que los atacantes remotos omitan la autenticaci\u00f3n y que provoquen una denegaci\u00f3n de servicio (DoS) en consecuencia en las p\u00e1ginas con carga balanceada o obtengan privilegios mediante vectores relacionados con una criptograf\u00eda d\u00e9bil."
    }
  ],
  "id": "CVE-2017-15883",
  "lastModified": "2024-11-21T03:15:24.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-08T19:29:00.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-15883 (GCVE-0-2017-15883)

Vulnerability from cvelistv5

Published

2018-01-08 19:00