{"id": "CVE-2015-5411", "bulletinFamily": "NVD", "title": "CVE-2015-5411", "description": "HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.", "published": "2015-08-26T14:59:02", "modified": "2016-12-21T22:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5411", "reporter": "NVD", "references": ["https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", "http://www.securitytracker.com/id/1033378"], "cvelist": ["CVE-2015-5411"], "type": "cve", "lastseen": "2017-04-18T15:57:31", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:hp:version_control_repository_manager:7.4.0"], "cvelist": ["CVE-2015-5411"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.", "edition": 1, "hash": "767534ac27586309a7a4987b01f50b4e28b5f7b80f615e61fa5fa77130f8b943", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6137392ab77132251686c4df4f50d164", "key": "modified"}, {"hash": "42869342f874038c567ae69834635993", "key": "cvelist"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e506440fbd4bb8ee3fceff303f3a2c3d", "key": "cpe"}, {"hash": "361767196203b52713a666ffa8f75a46", "key": "published"}, {"hash": "3a82a53eda08ea60ab9ea3231cdf14e4", "key": "description"}, {"hash": "2deafa55d8957cb20912769b3a7d4b1c", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "24ffc5e43ed5e1059f60f2bd3d71ba99", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "03f80d18bfbcec0bd9b7a36224f85859", "key": "title"}, {"hash": "9f4d6eb775ee4b80285d6dd3c0bc974c", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5411", "id": "CVE-2015-5411", "lastseen": "2016-09-03T22:52:52", "modified": "2015-08-27T09:43:57", "objectVersion": "1.2", "published": "2015-08-26T14:59:02", "references": ["https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115"], "reporter": "NVD", "scanner": [], "title": "CVE-2015-5411", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:52:52"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e506440fbd4bb8ee3fceff303f3a2c3d"}, {"key": "cvelist", "hash": "42869342f874038c567ae69834635993"}, {"key": "cvss", "hash": "9f4d6eb775ee4b80285d6dd3c0bc974c"}, {"key": "description", "hash": "3a82a53eda08ea60ab9ea3231cdf14e4"}, {"key": "href", "hash": "24ffc5e43ed5e1059f60f2bd3d71ba99"}, {"key": "modified", "hash": "2b4fddaafdcda1f759c9c6dda55c8a09"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "361767196203b52713a666ffa8f75a46"}, {"key": "references", "hash": "243ce6d793897230a123a68d9e9b87fb"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "03f80d18bfbcec0bd9b7a36224f85859"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "083d9dd4df36f662297f142c4cb136e39616435129069ab3d9af3712ceff5785", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:hp:version_control_repository_manager:7.4.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 5.0}}

{"result": {"nessus": [{"id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "type": "nessus", "title": "HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "published": "2015-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85802", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "lastseen": "2017-10-29T13:39:59"}, {"id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL", "type": "nessus", "title": "HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Linux host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "published": "2015-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85803", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "lastseen": "2017-10-29T13:33:03"}]}}