Vulnerability CVE-2015-2278

Vulnerability Name:

CVE-2015-2278 (CCN-103235)

Assigned:

2015-05-13

Published:

2015-05-13

Updated:

2018-10-09

Summary:

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-2278

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html

Source: CCN
Type: BugTraq Mailing List, Wed, 13 May 2015 13:33:29 -0300
SAP LZC/LZH Compression Multiple Vulnerabilities

Source: FULLDISC
Type: Exploit
20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Source: FULLDISC
Type: Exploit
20150522 SAP Security Notes May 2015

Source: MISC
Type: Exploit
http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities

Source: CCN
Type: SAP Web site
Netweaver

Source: BUGTRAQ
Type: UNKNOWN
20150513 [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
74643

Source: CCN
Type: BID-74643
Multiple SAP Products Buffer Overflow and Denial of Service Vulnerabilities

Source: XF
Type: UNKNOWN
sap-cve20152278-bo(103235)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sap:gui:-:*:*:*:*:*:*:*

OR cpe:/a:sap:maxdb:7.5:*:*:*:*:*:*:*

OR cpe:/a:sap:maxdb:7.6:*:*:*:*:*:*:*

OR cpe:/a:sap:netweaver_abap_application_server:-:*:*:*:*:*:*:*

OR cpe:/a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*

OR cpe:/a:sap:netweaver_rfc_sdk:-:*:*:*:*:*:*:*

OR cpe:/a:sap:rfc_library:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sap:netweaver:7.0:*:*:*:*:*:*:*

OR cpe:/a:sap:hana:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20152278	V	CVE-2015-2278	2022-09-02
oval:org.opensuse.security:def:3461	P	cron-4.2-59.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95091	P	clamsap-0.101.9-4.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:969	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:32251	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:39954	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:1492	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:1491	P	Security update for java-11-openjdk (Important)	2021-11-16
oval:org.opensuse.security:def:1490	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:39271	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:94189	P	(Important)	2021-10-15
oval:org.opensuse.security:def:39996	P	Security update for apache2 (Important)	2021-09-27
oval:org.opensuse.security:def:32194	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:71398	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71285	P	libnewt0_52-0.52.20-5.35 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:68045	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important)	2021-08-17
oval:org.opensuse.security:def:14837	P	augeas-1.10.1-2.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47490	P	res-signingkeys-3.0.25-48.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14984	P	libdjvulibre21-3.5.25.3-5.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47506	P	stunnel-5.00-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15122	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47952	P	apache2-mod_nss-1.0.14-19.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47819	P	libz1-1.2.11-1.27 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48191	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15224	P	xfsprogs-4.15.0-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47491	P	rpcbind-0.2.3-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14933	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47492	P	rpm-32bit-4.11.2-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15028	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47820	P	libzip2-0.11.1-13.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47626	P	gnome-shell-search-provider-nautilus-3.20.3-23.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48192	P	libsndfile1-1.0.25-36.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48043	P	hyper-v-7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15208	P	u-boot-rpi3-2019.01-3.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14829	P	apache2-2.4.23-29.43.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14863	P	cups-filters-1.0.58-19.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15004	P	libical1-1.0.1-16.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47627	P	gnutls-3.3.27-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15149	P	perl-Tk-804.031-5.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47505	P	strongswan-5.1.3-25.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48044	P	ibus-1.5.13-15.11.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47951	P	apache2-mod_jk-1.2.40-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15197	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:2048	P	clamsap-0.101.9-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63137	P	clamsap-0.101.9-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100902	P	libcontainers-common-20200727-3.12.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66858	P	Security update for the Linux Kernel (Important)	2021-07-13
oval:org.opensuse.security:def:48405	P	dovecot22-2.2.13-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48617	P	rsync-3.1.0-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15885	P	python3-devel-3.4.1-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48551	P	libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48406	P	dracut-044-87.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48552	P	libsqlite3-0-3.8.10.2-3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48719	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48647	P	wpa_supplicant-2.2-14.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15862	P	libxml2-devel-2.9.1-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48489	P	libecpg6-9.4.9-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48648	P	xalan-j2-2.7.0-264.38 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48616	P	rpm-4.11.2-15.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48490	P	libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32101	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:64698	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:66766	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:70214	P	Security update for python-Pygments (Important)	2021-05-04
oval:org.opensuse.security:def:2047	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117126	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63136	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107568	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2045	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63134	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:90025	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2046	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63135	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103680	P	clamsap-0.99.25-2.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31969	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:73431	P	libkpathsea6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38936	P	typelib-1_0-EvinceDocument-3_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28652	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:28074	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32550	P	libexif on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38453	P	procmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28299	P	Security update for netatalk (Important)	2020-12-01
oval:org.opensuse.security:def:49932	P	clamsap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32638	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28553	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:49877	P	java-1_8_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38548	P	at on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29290	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:31895	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28608	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:33381	P	Security update for clamsap (Moderate)	2020-12-01
oval:org.opensuse.security:def:27870	P	Security update for python-lxml	2020-12-01
oval:org.opensuse.security:def:39155	P	cyrus-sasl-digestmd5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27946	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32494	P	cifs-mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49933	P	clamsap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31883	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:28215	P	Security update for libpng12-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39243	P	Security update for salt (Important)	2020-12-01
oval:org.opensuse.security:def:73549	P	clamsap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32599	P	qt3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49878	P	java-1_8_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28504	P	Security update for openssh-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38464	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32704	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27871	P	Security update for python-setuptools	2020-12-01
oval:org.opensuse.security:def:38788	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28592	P	Security update for openssl-certs	2020-12-01
oval:org.opensuse.security:def:67945	P	open-vm-tools-desktop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33342	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:39096	P	libSoundTouch0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27882	P	Security update for rubygem-activesupport-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32338	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:38452	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29326	P	Security update for clamsap (Moderate)	2020-12-01
oval:org.opensuse.security:def:28158	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:39204	P	libplist++3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49879	P	libopenssl-1_0_0-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28451	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:39316	P	Security update for java-1_6_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31884	P	Security update for dosfstools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32660	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49931	P	clamsap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70109	P	libpango-1_0-0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38685	P	libjavascriptcoregtk-3_0-0 on GA media (Moderate)	2020-12-01

BACK