CVE-2012-2223 - OpenCVE

The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Zenworks Configuration Management

Configuration 1 [-]

OR	cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:10.3.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:10.3.2:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:10.3.3:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*

No data.

References

Link	Providers
http://www.novell.com/support/viewContent.do?externalId=7008244
http://www.novell.com/support/viewContent.do?externalId=7010044
http://www.novell.com/support/viewContent.do?externalId=7010137
https://exchange.xforce.ibmcloud.com/vulnerabilities/74818

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-04-11T10:00:00

Updated: 2024-08-06T19:26:08.954Z

Reserved: 2012-04-11T00:00:00

Link: CVE-2012-2223

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-04-11T10:39:27.327

Modified: 2017-12-20T02:29:01.567

Link: CVE-2012-2223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-19T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "novell-zenworks-xplat-xst(74818)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/viewContent.do?externalId=7010044"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/viewContent.do?externalId=7010137"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/viewContent.do?externalId=7008244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "novell-zenworks-xplat-xst(74818)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818"}, {"name": "http://www.novell.com/support/viewContent.do?externalId=7010044", "refsource": "CONFIRM", "url": "http://www.novell.com/support/viewContent.do?externalId=7010044"}, {"name": "http://www.novell.com/support/viewContent.do?externalId=7010137", "refsource": "CONFIRM", "url": "http://www.novell.com/support/viewContent.do?externalId=7010137"}, {"name": "http://www.novell.com/support/viewContent.do?externalId=7008244", "refsource": "CONFIRM", "url": "http://www.novell.com/support/viewContent.do?externalId=7008244"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.954Z"}, "title": "CVE Program Container", "references": [{"name": "novell-zenworks-xplat-xst(74818)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/viewContent.do?externalId=7010044"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/viewContent.do?externalId=7010137"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/viewContent.do?externalId=7008244"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2223", "datePublished": "2012-04-11T10:00:00", "dateReserved": "2012-04-11T00:00:00", "dateUpdated": "2024-08-06T19:26:08.954Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ABC25E5-76CD-469B-879A-B1F7109D0181", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "556F4B13-4C98-41D6-A2A4-138780C206CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4C1F2D-D479-4353-8E95-A1326783CEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "44E12A11-E11B-4330-A94E-7F40BE3ECFD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*", "matchCriteriaId": "98942F6C-330F-459A-B2B4-72572DB4070E", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1a:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA9A-9908-4270-9F4B-119835588D99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors."}, {"lang": "es", "value": "El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el m\u00e9todo HTTP TRACE, lo que facilita a atacantes remotos realizar ataques \"cross-site tracing\" (XST) a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2012-2223", "lastModified": "2017-12-20T02:29:01.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-04-11T10:39:27.327", "references": [{"source": "cve@mitre.org", "url": "http://www.novell.com/support/viewContent.do?externalId=7008244"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/support/viewContent.do?externalId=7010044"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/support/viewContent.do?externalId=7010137"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}