    Vulnerability Summary for CVE-2016-2340

    Original release date: 03/25/2016

    Last revised: 03/28/2016

    Source: US-CERT/NIST

     

    Overview

    The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

     

    Description

    CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

     

    Impact

    CVSS Severity (version 3.0):

    CVSS v3 Base Score: 5.4 Medium

    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

    Impact Score: 2.5

    Exploitability Score: 2.8

     

    CVSS Version 3 Metrics:

    Attack Vector (AV): Network

    Attack Complexity (AC): Low

    Privileges Required (PR): Low

    User Interaction (UI): None

    Scope (S): Unchanged

    Confidentiality (C): Low

    Integrity (I): None

    Availability (A): Low

     

    CVSS Severity (version 2.0):

    CVSS v2 Base Score: 5.5 MEDIUM

    Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P)

    Impact Subscore: 4.9

    Exploitability Subscore: 8.0

     

    CVSS Version 2 Metrics:

    Access Vector: Network exploitable

    Access Complexity: Low

    Authentication: Required to exploit

    Impact Type: Allows unauthorized disclosure of information; Allows disruption of service

     

    References to Advisories, Solutions, and Tools


     

    US-CERT Vulnerability Note: CERT-VN

    Name: VU#279472

    Type: Advisory; Patch Information

    Hyperlink: http://www.kb.cert.org/vuls/id/279472

     

    Vulnerable software and versions

    Configuration 1

    OR

    * cpe:/a:graniteds:granite_data_services:3.1.1-snapshot

    * Denotes Vulnerable Software

     

    Technical Details

    Vulnerability Type

    • Other (NVD-CWE-Other)

    CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2340

     
