2.1 CVE-2011-3198

Domain Technologie Control (DTC) avant 0.34.1 inclut un mot de passe dans l'argument de ligne de commande -b de htpasswd, ce qui pourrait permettre aux utilisateurs locaux de lire le mot de passe en listant le processus et ses arguments.
https://nvd.nist.gov/vuln/detail/CVE-2011-3198

Catégories

CWE-255

Références

CONFIRM

http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537

DEBIAN

DSA-2365

_MLIST

[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc
[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control::::::::		<= 0.32.11

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
Pas d'exploit connu

Autres (github, ...)

Url
Pas d'exploit connu

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	sévérité
Pas d'entrée

MITRE

Sherlock® flash

Prenez une photo de votre réseau informatique en quelques clics !

La solution d'audit Sherlock® flash vous permet de réaliser un audit pour renforcer la sécurité de votre parc informatique. Analyse des vulnérabilités de vos équipements physiques et virtuels. Planification des correctifs par niveau de priorité et temps disponible. Rapports détaillés et intuitifs.

Découvrir cette offre

Sherlock® flash : 1ère solution d'audit de cybersécurité instantané

cpe	start	end
Configuration 1
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:::::::*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:::::::*
cpe:2.3:a:gplhost:domain_technologie_control::::::::		<= 0.32.11