10 - CVE-2009-3027

Executive Summary

Informations
Name	CVE-2009-3027	First vendor Publication	2009-12-11
Vendor	Cve	Last vendor Modification	2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3027

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7986

Oval ID:	oval:org.mitre.oval:def:7986
Title:	HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege
Description:	VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3027	Version:	10
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02480 HP-UX B.11.31 AND VRTSweb.VRTSWEB is installed AND NOT Patch PHCO_40519 and PHCO_40520 are installed Patch PHCO_40519 is installed AND Patch PHCO_40520 is installed OR Criteria meets HP Security Bulletin HPSBUX02480 HP Release B.11.23 AND VRTSweb.VRTSWEB is installed AND NOT Patch PHCO_40518 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Symantec Backup Exec Continuous Protection Server cpe:2.3:a:symantec:backup_exec_continuous_protection_server:12.5:::::::* cpe:2.3:a:symantec:backup_exec_continuous_protection_server:12.0:::::::* cpe:2.3:a:symantec:backup_exec_continuous_protection_server:11d:::::::*	3
Application	Symantec Veritas Application Director cpe:2.3:a:symantec:veritas_application_director:1.1::platform_expansion::::: cpe:2.3:a:symantec:veritas_application_director:1.1:::::::*	2
Application	Symantec Veritas Backup Exec cpe:2.3:a:symantec:veritas_backup_exec:12.5:::::::* cpe:2.3:a:symantec:veritas_backup_exec:12.0:::::::* cpe:2.3:a:symantec:veritas_backup_exec:11d:::::::*	3
Application	Symantec Veritas Cluster Server cpe:2.3:a:symantec:veritas_cluster_server:5.0::hp-ux::::: cpe:2.3:a:symantec:veritas_cluster_server:5.0::aix::::: cpe:2.3:a:symantec:veritas_cluster_server:5.0::solaris::::: cpe:2.3:a:symantec:veritas_cluster_server:5.0::linux::::: cpe:2.3:a:symantec:veritas_cluster_server:4.1::linux::::: cpe:2.3:a:symantec:veritas_cluster_server:4.1::solaris::::: cpe:2.3:a:symantec:veritas_cluster_server:4.1::hp-ux::::: cpe:2.3:a:symantec:veritas_cluster_server:4.0::linux::::: cpe:2.3:a:symantec:veritas_cluster_server:4.0::aix::::: cpe:2.3:a:symantec:veritas_cluster_server:3.5::hp-ux:::::	10
Application	Symantec Veritas Cluster Server Management Console cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.5.1:::::::* cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.5:::::::* cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.1:::::::*	3
Application	Symantec Veritas Cluster Server One cpe:2.3:a:symantec:veritas_cluster_server_one:2.0.2:::::::* cpe:2.3:a:symantec:veritas_cluster_server_one:2.0.1:::::::* cpe:2.3:a:symantec:veritas_cluster_server_one:2.0:::::::*	3
Application	Symantec Veritas Command Central Enterprise Reporter cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.1:::::::* cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0mp1rp1:::::::* cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0mp1:::::::* cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0_ga:::::::*	4
Application	Symantec Veritas Command Central Storage cpe:2.3:a:symantec:veritas_command_central_storage:5.1:::::::* cpe:2.3:a:symantec:veritas_command_central_storage:5.0:::::::* cpe:2.3:a:symantec:veritas_command_central_storage:4.x:::::::*	3
Application	Symantec Veritas Command Central Storage Change Manager cpe:2.3:a:symantec:veritas_command_central_storage_change_manager:5.1:::::::* cpe:2.3:a:symantec:veritas_command_central_storage_change_manager:5.0:::::::*	2
Application	Symantec Veritas Micromeasure cpe:2.3:a:symantec:veritas_micromeasure:5.0:::::::*	1
Application	Symantec Veritas Netbackup Operations Manager cpe:2.3:a:symantec:veritas_netbackup_operations_manager:6.5.5:::::::* cpe:2.3:a:symantec:veritas_netbackup_operations_manager:6.0_ga:::::::*	2
Application	Symantec Veritas Netbackup Reporter cpe:2.3:a:symantec:veritas_netbackup_reporter:6.6:::::::* cpe:2.3:a:symantec:veritas_netbackup_reporter:6.0_ga:::::::*	2
Application	Symantec Veritas Storae Foundation cpe:2.3:a:symantec:veritas_storae_foundation:3.5_onwards:::::::*	1
Application	Symantec Veritas Storage Foundation cpe:2.3:a:symantec:veritas_storage_foundation:3.5:::::::*	1
Application	Symantec Veritas Storage Foundation Cluster File System cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0::hp-ux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1::hp-ux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0::hp-ux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:3.5::hp-ux:::::	13
Application	Symantec Veritas Storage Foundation Cluster File System For Oracle Rac cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0::linux:::::	1
Application	Symantec Veritas Storage Foundation For Db2 cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:4.1::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:4.1::linux:::::	5
Application	Symantec Veritas Storage Foundation For High Availability cpe:2.3:a:symantec:veritas_storage_foundation_for_high_availability:3.5:::::::*	1
Application	Symantec Veritas Storage Foundation For Oracle cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:5.0.1:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:5.0:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:4.1:::::::*	3
Application	Symantec Veritas Storage Foundation For Oracle Real Application Cluster cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0::hp-ux::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1:hp-ux:::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.0::linux::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.0::aix::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:3.5::hp-ux:::::	11
Application	Symantec Veritas Storage Foundation For Sybase cpe:2.3:a:symantec:veritas_storage_foundation_for_sybase:5.0::solaris::::: cpe:2.3:a:symantec:veritas_storage_foundation_for_sybase:4.1::solaris:::::	2
Application	Symantec Veritas Storage Foundation For Windows High Availability cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.1ap1:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.1:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0rp2:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0rp1a:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:4.3mp2:::::::*	6
Application	Symantec Veritas Storage Foundation Manager cpe:2.3:a:symantec:veritas_storage_foundation_manager:2.0:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1.1win:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1.1ux:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.0mp1:::::::* cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.0:::::::*	6

Open Source Vulnerability Database (OSVDB)

Id	Description
60884	Symantec Multiple Products VRTSweb Component Crafted Request Arbitrary Code E...

Snort® IPS/IDS

Date	Description
2014-01-10	Symantic multiple products VRTSweb code execution RuleID : 21407 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2009-12-14	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHCO_40518.nasl - Type : ACT_GATHER_INFO
2009-12-14	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHCO_40519.nasl - Type : ACT_GATHER_INFO
2009-12-14	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHCO_40520.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/37012
BUGTRAQ	http://www.securityfocus.com/archive/1/508358/100/0/threaded
CONFIRM	http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs/337859.htm http://seer.entsupport.symantec.com/docs/337930.htm http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=secu...
HP	http://marc.info/?l=bugtraq&m=126046186917330&w=2
MISC	http://www.zerodayinitiative.com/advisories/ZDI-09-098/
OSVDB	http://www.osvdb.org/60884
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://www.securitytracker.com/id?1023311 http://www.securitytracker.com/id?1023313 http://www.securitytracker.com/id?1023318
SECUNIA	http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685
VUPEN	http://www.vupen.com/english/advisories/2009/3467 http://www.vupen.com/english/advisories/2009/3483
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/54665

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:10:03	Multiple Updates
2021-04-22 01:10:26	Multiple Updates
2020-05-23 00:24:16	Multiple Updates
2019-03-18 12:02:12	Multiple Updates
2018-10-11 00:19:41	Multiple Updates
2017-09-19 09:23:22	Multiple Updates
2017-08-17 09:22:42	Multiple Updates
2016-04-26 19:04:42	Multiple Updates
2014-02-17 10:51:27	Multiple Updates
2014-01-19 21:26:09	Multiple Updates
2013-05-10 23:56:20	Multiple Updates
2013-02-07 13:19:36	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	88
Sources(s)	24
osvdb(s)	1
Snort® Rule(s)	1
Nessus® Exploit(s)	3

	Related
10	HPSBUX02480 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

10 - CVE-2009-3027

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU