CVE-2019-10243 - OpenCVE

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Kura

Configuration 1 [-]

cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107844
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2019-04-09T15:42:42

Updated: 2024-08-04T22:17:19.791Z

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10243

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-09T16:29:01.553

Modified: 2019-10-09T23:44:33.477

Link: CVE-2019-10243

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eclipse Kura", "vendor": "The Eclipse Foundation", "versions": [{"lessThanOrEqual": "4.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of System Data to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-10T15:06:15", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"}, {"name": "107844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107844"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-10243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Kura", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.0.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-497: Exposure of System Data to an Unauthorized Control Sphere"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"}, {"name": "107844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107844"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:19.791Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"}, {"name": "107844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107844"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2019-10243", "datePublished": "2019-04-09T15:42:42", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:19.791Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8694467-C2A3-42A1-8BB7-6D038E2DDA89", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura."}, {"lang": "es", "value": "En Eclipse Kura en las versiones anteriores a la 4.0.0, Kura expone la versi\u00f3n subyacente del servidor Web de Ui en sus respuestas. Esto puede ser usado como una pista por un atacante para crear ataques espec\u00edficos al servidor web ejecutado por Kura."}], "id": "CVE-2019-10243", "lastModified": "2019-10-09T23:44:33.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T16:29:01.553", "references": [{"source": "emo@eclipse.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107844"}, {"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-497"}], "source": "emo@eclipse.org", "type": "Secondary"}]}