https://h20564.www2.hpe.com/
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03770en_us
Version: 1
HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-08-21
Last Updated: 2017-08-21
Potential Security Impact: Remote: Arbitrary Code Execution
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code.
References:
- CVE-2016-5385 - PHP
- CVE-2016-5386 - Go
- CVE-2016-5387 - Apache Http Server
- CVE-2016-5388 - Tomcat
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware v7 (CW7) Products V7
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-5385
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5386
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-5387
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5388
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/
RESOLUTION
HPE has made the following software updates available to resolve the vulnerability in the Comware 7 MSR Router products:
+ **MSR1000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR2000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR3000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- JG409B HPE MSR3012 AC Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR4000 (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
+ **MSR95X (Comware 7) - Version: Fixed in R0605P13 Release**
* HP Network Products
- JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router
- JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n
CWv7 Router
- JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH300A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN Router
- JH301A HPE FlexNetwork MSR958 1GbE and Combo 2GbE WAN 8GbE LAN PoE Router
- JH373A HPE MSR954 Serial 1GbE Dual 4GLTE (WW) CWv7 Router
* CVE's/ZDI's
- CVE-2016-5385
- CVE-2016-5386
- CVE-2016-5387
- CVE-2016-5388
*Note:* Please contact support for any questions about this document
HISTORY
Version:1 (rev.1) - 21 August 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Komentarų nėra:
Rašyti komentarą