CVE-2022-25355 - OpenCVE

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ec-cube	Ec-cube

Configuration 1 [-]

OR	cpe:2.3:a:ec-cube:ec-cube::::::::
	cpe:2.3:a:ec-cube:ec-cube::::::::
	cpe:2.3:a:ec-cube:ec-cube:3.0.18:-::::::
	cpe:2.3:a:ec-cube:ec-cube:3.0.18:p1::::::
	cpe:2.3:a:ec-cube:ec-cube:3.0.18:p2::::::
	cpe:2.3:a:ec-cube:ec-cube:3.0.18:p3::::::

References

Link	Resource
https://jvn.jp/en/jp/JVN53871926/index.html	Third Party Advisory
https://www.ec-cube.net/info/weakness/20220221/	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2022-02-24T09:50:35

Updated: 2022-02-24T09:50:35

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25355

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-24T15:15:31.490

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-25355

JSON object: View

Redhat Information

No data.

CWE

CWE-913

{"containers": {"cna": {"affected": [{"product": "EC-CUBE 3 series and EC-CUBE 4 series", "vendor": "EC-CUBE CO.,LTD.", "versions": [{"status": "affected", "version": "EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1"}]}], "descriptions": [{"lang": "en", "value": "EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users."}], "problemTypes": [{"descriptions": [{"description": "Improper Control of Dynamically-Managed Code Resources", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-24T09:50:35", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.ec-cube.net/info/weakness/20220221/"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN53871926/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-25355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EC-CUBE 3 series and EC-CUBE 4 series", "version": {"version_data": [{"version_value": "EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1"}]}}]}, "vendor_name": "EC-CUBE CO.,LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Control of Dynamically-Managed Code Resources"}]}]}, "references": {"reference_data": [{"name": "https://www.ec-cube.net/info/weakness/20220221/", "refsource": "MISC", "url": "https://www.ec-cube.net/info/weakness/20220221/"}, {"name": "https://jvn.jp/en/jp/JVN53871926/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN53871926/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-25355", "datePublished": "2022-02-24T09:50:35", "dateReserved": "2022-02-20T00:00:00", "dateUpdated": "2022-02-24T09:50:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CB1CDC4-2EB3-4003-B9C2-A2B0819685C4", "versionEndExcluding": "3.0.18", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0209A3-AECC-4511-AE7A-9D238C3A24B1", "versionEndIncluding": "4.1.1", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:-:*:*:*:*:*:*", "matchCriteriaId": "8D6A3FBD-7161-461D-B165-E3BCA42BBB2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p1:*:*:*:*:*:*", "matchCriteriaId": "10F6D9C1-B4F3-44D8-B266-787DA62228E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p2:*:*:*:*:*:*", "matchCriteriaId": "B10AA450-F786-4AFD-9F26-9B2E2D57C5C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p3:*:*:*:*:*:*", "matchCriteriaId": "8D30A28C-609A-4B6F-B257-7A577133A9FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users."}, {"lang": "es", "value": "EC-CUBE versiones 3.0.0 a 3.0.18-p3 y EC-CUBE versiones 4.0.0 a 4.1.1, manejan inapropiadamente los valores del encabezado HTTP Host, lo que puede conllevar a que un atacante remoto no autenticado dirija la versi\u00f3n vulnerable de EC-CUBE para enviar un correo electr\u00f3nico con alguna URL de reemisi\u00f3n de contrase\u00f1a falsificada a usuarios de EC-CUBE"}], "id": "CVE-2022-25355", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-24T15:15:31.490", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN53871926/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.ec-cube.net/info/weakness/20220221/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}]}