CVE-2010-2232 - OpenCVE

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Derby

Configuration 1 [-]

OR	cpe:2.3:a:apache:derby:10.1.2.1:::::::*
	cpe:2.3:a:apache:derby:10.2.2.0:::::::*
	cpe:2.3:a:apache:derby:10.3.1.4:::::::*
	cpe:2.3:a:apache:derby:10.4.1.3:::::::*

References

Link	Resource
http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925	Issue Tracking Patch Vendor Advisory
http://www.securityfocus.com/bid/101562
https://issues.apache.org/jira/browse/DERBY-2925	Release Notes Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2017-10-23T13:00:00

Updated: 2017-10-26T09:57:01

Reserved: 2010-06-09T00:00:00

Link: CVE-2010-2232

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-23T13:29:00.233

Modified: 2017-10-27T01:29:00.213

Link: CVE-2010-2232

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "Apache Derby", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3"}]}], "datePublic": "2010-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-26T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/DERBY-2925"}, {"name": "101562", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101562"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2010-2232", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Derby", "version": {"version_data": [{"version_value": "10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://issues.apache.org/jira/browse/DERBY-2925", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/DERBY-2925"}, {"name": "101562", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101562"}, {"name": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925", "refsource": "CONFIRM", "url": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2010-2232", "datePublished": "2017-10-23T13:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2017-10-26T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:derby:10.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF090933-1AC8-4B23-94AE-C9AD0F6372B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:derby:10.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "87FD448A-3CDB-4B4E-8E69-5AAD8E5C1835", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:derby:10.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBA7854C-082B-44D0-ABFD-B3E35D0678A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:derby:10.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A526BD06-DB2B-4B91-8DBD-10CCF21695D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file."}, {"lang": "es", "value": "En Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4 y 10.4.1.3, el procesamiento de Export puede permitir que un atacante sobrescriba un archivo existente."}], "id": "CVE-2010-2232", "lastModified": "2017-10-27T01:29:00.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-23T13:29:00.233", "references": [{"source": "security@apache.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925"}, {"source": "security@apache.org", "url": "http://www.securityfocus.com/bid/101562"}, {"source": "security@apache.org", "tags": ["Release Notes", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/DERBY-2925"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}