Search...

CVE-2016-1035

2016-04-12T23:59:00

ID CVE-2016-1035
Type cve
Reporter cve@mitre.org
Modified 2016-12-03T03:20:00

Description

Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.

JSON Vulners Source

Initial Source

{"id": "CVE-2016-1035", "bulletinFamily": "NVD", "title": "CVE-2016-1035", "description": "Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.", "published": "2016-04-12T23:59:00", "modified": "2016-12-03T03:20:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1035", "reporter": "cve@mitre.org", "references": ["https://helpx.adobe.com/security/products/robohelp-server/apsb16-12.html", "http://www.securitytracker.com/id/1035557"], "cvelist": ["CVE-2016-1035"], "type": "cve", "lastseen": "2020-10-03T12:10:40", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310807673"]}, {"type": "nessus", "idList": ["ROBOHELPSERVER_APSB16-12.NASL"]}], "modified": "2020-10-03T12:10:40", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2020-10-03T12:10:40", "rev": 2}, "vulnersScore": 4.8}, "cpe": ["cpe:/a:adobe:robohelp:9", "cpe:/a:adobe:robohelp:9.0.0.228", "cpe:/a:adobe:robohelp:9.0.1"], "affectedSoftware": [{"cpeName": "adobe:robohelp", "name": "adobe robohelp", "operator": "eq", "version": "9.0.0.228"}, {"cpeName": "adobe:robohelp", "name": "adobe robohelp", "operator": "eq", "version": "9.0.1"}, {"cpeName": "adobe:robohelp", "name": "adobe robohelp", "operator": "eq", "version": "9"}], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM"}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:adobe:robohelp:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:robohelp:9.0.0.228:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:robohelp:9:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:robohelp:9:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:robohelp:9.0.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:robohelp:9.0.0.228:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1035"], "description": "This host is installed with Adobe Robo help\n server and is prone to information disclosure vulnerability.", "modified": "2018-11-12T00:00:00", "published": "2016-04-18T00:00:00", "id": "OPENVAS:1361412562310807673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807673", "type": "openvas", "title": "Adobe Robo Help Server Security Hotfix APSB16-12 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_robo_help_server_apsb16-12_win.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# Adobe Robo Help Server Security Hotfix APSB16-12 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:robohelp_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807673\");\n script_version(\"$Revision: 12313 $\");\n script_cve_id(\"CVE-2016-1035\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-18 16:13:45 +0530 (Mon, 18 Apr 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Robo Help Server Security Hotfix APSB16-12 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Robo help\n server and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to mishandling of SQL queries\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to obtain sensitive information via unspecified vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Robo Help Server versions 9.x\n through 9.0.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix for Adobe Robo Help Server.\n\n - ---\n NOTE: If the patch is already applied, please ignore.\n\n - ---\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/robohelp-server/apsb16-12.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_robohelp_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/RoboHelp/Server/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/robohelp-server/kb/SQL-security-issue.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!roboVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:roboVer, test_version:\"9\", test_version2:\"9.0.1\"))\n{\n report = report_fixed_ver(installed_version:roboVer, fixed_version:\"Apply the Hotfix\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T05:31:18", "description": "Adobe RoboHelp Server version 9 is installed on the remote host, and\nit is missing a hotfix that resolves Adobe security advisory\nAPSB16-12. It is, therefore, affected by an unspecified SQL injection\nvulnerability due to improper sanitization of user-supplied input\nbefore using it in SQL queries. An unauthenticated, remote attacker\ncan exploit this to inject or manipulate SQL queries on the back-end\ndatabase, resulting in the disclosure of arbitrary data.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead checked to verify that the vendor-supplied patch has been\napplied.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-04-26T00:00:00", "title": "Adobe RoboHelp Server Unspecified SQLi (APSB16-12)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1035"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:robohelp_server"], "id": "ROBOHELPSERVER_APSB16-12.NASL", "href": "https://www.tenable.com/plugins/nessus/90712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90712);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-1035\");\n script_xref(name:\"IAVB\", value:\"2016-B-0076\");\n\n script_name(english:\"Adobe RoboHelp Server Unspecified SQLi (APSB16-12)\");\n script_summary(english:\"Checks for patched files.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby an unspecified SQL injection vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Adobe RoboHelp Server version 9 is installed on the remote host, and\nit is missing a hotfix that resolves Adobe security advisory\nAPSB16-12. It is, therefore, affected by an unspecified SQL injection\nvulnerability due to improper sanitization of user-supplied input\nbefore using it in SQL queries. An unauthenticated, remote attacker\ncan exploit this to inject or manipulate SQL queries on the back-end\ndatabase, resulting in the disclosure of arbitrary data.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead checked to verify that the vendor-supplied patch has been\napplied.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/robohelp-server/apsb16-12.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"robohelp_server_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe RoboHelp Server\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp = \"Adobe RoboHelp Server\";\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nif (version !~ \"^9($|\\.)\")\n audit(AUDIT_INST_VER_NOT_VULN, app, version);\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\n# Determine the version of Robo.dll.\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nfile1 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1WEB-INF\\Resources\\en_US\\ReportResources.xml\", string:path);\nfile2 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1WEB-INF\\classes\\adobe\\robohelp\\server\\WebAdminGroup.class\", string:path);\nfile3 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1WEB-INF\\classes\\adobe\\robohelp\\server\\FlexReports\\Report.class\", string:path);\n\nfiles = make_list(file1, file2, file3);\nvuln = FALSE;\n\nforeach file (files)\n{\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel(close:FALSE);\n debug_print(\"Failed to connect to the '\"+share+\".\");\n continue;\n }\n\n fh = CreateFile(\n file:file,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n\n if (!isnull(fh))\n {\n size = GetFileSize(handle:fh);\n if (size > 0)\n {\n blob = ReadFile(handle:fh, length:size, offset:0);\n if (\"ReportResources.xml\" >< file)\n {\n if ('value=\"Selected area(s) is/are invalid. Please use a valid area on the server\"' >!< blob) vuln = TRUE;\n }\n else\n {\n md5 = hexstr(MD5(blob));\n if (\n \"WebAdminGroup.class\" >< file &&\n md5 == \"4340ad5684e6311a6d212dc773838cb4\"\n ) vuln = TRUE;\n if (\n \"Report.class\" >< file &&\n md5 == \"e9c20634cf6ffc25657c8e8f91edee11\"\n ) vuln = TRUE;\n }\n }\n }\n CloseFile(handle:fh);\n if (vuln) break;\n}\nNetUseDel();\n\n# Report if an issue was found.\nif (vuln)\n{\n report =\n '\\nNessus was able to verify this issue by examining the host for'+\n '\\nthe missing patch. This was verified by using the following file :' +\n '\\n' +\n '\\n' + file + '\\n';\n security_report_v4(extra:report, port:port, severity:SECURITY_WARNING, sqli:TRUE);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}