{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"3Com Network Supervisor 5.x.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"3Com Network Director 2.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"3Com Network Director 1.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\n3Com Network Supervisor et Director sont des outils d'administration\nr\u00e9seau.\n\nLa vuln\u00e9rabilit\u00e9 est caus\u00e9e par une erreur dans le traitement des\nrequ\u00eates HTTP destin\u00e9es au serveur Web interne. Une personne\nmalveillante peut, au moyen de requ\u00eates HTTP malicieusement constitu\u00e9es,\n\u00e0 destination du 21700/tcp, porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9e hors de la racine du serveur web.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la section Documentation pour l'obtention des correctifs.\n","cves":[],"links":[{"title":"Mise \u00e0 jour ``3Com Network Director 1.0 Critical Update 1''    pour version initiale et Service Pack 1 :","url":"http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.exe"},{"title":"Site Internet de l'\u00e9diteur :","url":"http://www.3com.fr"},{"title":"Mise \u00e0 jour ``3Com Network Supervisor 5.1 Critical Update    1'' :      http://support.3com.com/software/3Com_network_supervisor_v5_1_cu1.exe","url":"http://support.3com.com/software/3Com_network_director_v5_1_cu1.exe"},{"title":"Mise \u00e0 jour ``3Com Network Director 1.0 Critical Update 1''    pour Service Pack 2 & 3 :","url":"http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.exe"},{"title":"Mise \u00e0 jour ``3Com Network Director 2.0 Critical Update 1''    :","url":"http://support.3com.com/software/3Com_network_director_v2_0_cu1.exe"}],"reference":"CERTA-2005-AVI-330","revisions":[{"description":"version initiale.","revision_date":"2005-09-05T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 de type \"travers\u00e9e d'arborescence\", d\u00e9couverte dans\nl'application 3Com Network Supervisor permet \u00e0 un utilisateur mal\nintentionn\u00e9, pr\u00e9sent sur le r\u00e9seau local, de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Vuln\u00e9rabilit\u00e9 de 3Com Network Supervisor","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 iDEFENSE #300 du 01 septembre 2005","url":"http://www.idefense.com/application/poi/display?id=300"}]}