urlscan.io logo urlscan.io
SecurityTrails logo

support.hpe.com Open in urlscan Pro
16.230.116.160  Public Scan

Back to summary
Submitted URL: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Effective URL: https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c05247375
Submission: On January 22 via api from FR — Scanned from FR

Form analysis 1 forms found in the DOM

Name: hpehf-search-form https://www.hpe.com/fr/fr/search-results.html?page=1&q=&autocomplete=0

<form name="hpehf-search-form" accept-charset="utf-8" action="https://www.hpe.com/fr/fr/search-results.html?page=1&amp;q=&amp;autocomplete=0" class="hpehf-search-form hpehf-centered-content"><input type="text" id="hpehf-search-input"
    class="hpehf-search-input js-search-field" placeholder="Rechercher" name="q" autocomplete="off"
    spellcheck="false"><a href="javascipt:void(0);" id="hpehf-search-submit" title="Rechercher" aria-label="Rechercher"><svg width="24" height="24" focusable="false" viewBox="0 0 24 24" fill="#000" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.5,0C4.7,0,0,4.7,0,10.5C0,16.3,4.7,21,10.5,21c2.5,0,4.8-0.9,6.6-2.3l5.3,5.3l1.6-1.6l-5.3-5.3 c1.5-1.8,2.3-4.1,2.3-6.6C21,4.7,16.3,0,10.5,0z M1.9,10.6c0-4.8,3.8-8.6,8.6-8.6c4.7,0,8.6,3.9,8.6,8.6c0,4.8-3.8,8.6-8.6,8.6 C5.7,19.2,1.9,15.3,1.9,10.6z"></path></svg></a><a href="javascript:void(0);" class="hpehf-srch-menu-close hpehf-close-btn" title="Fermer" aria-label="Fermer"><svg width="24" height="24" focusable="false" viewBox="0 0 24 24" fill="#000" xmlns="http://www.w3.org/2000/svg"><polygon points="21.8,23.4 12,13.7 2.2,23.4 0.6,21.8 10.3,12 0.6,2.2 2.2,0.6 12,10.3 21.8,0.6 23.4,2.2 13.7,12 23.4,21.8 "></polygon></svg><span class="hpehf-srch-close-text">Fermer</span></a>
</form>

Text Content

Ce site utilise des cookies. Si certains cookies sont nécessaires au
fonctionnement du site, vous pouvez toutefois activer d'autres cookies non
essentiels pour personnaliser et améliorer votre expérience. Pour en savoir
plus, veuillez consulter notre Déclaration de confidentialité.
Cookies optionnels
Oui

Non

   
 * 
   

Panier
Fermer


Fermer
 * HPE GreenLake
   

Consoles cloud
 * HPE GreenLake Central
   
 * Services de données
   
 * Gestion des opérations de calcul
   
 * Aruba Central
   

Administration de HPE GreenLake
 * Gérer le compte
   
 * Gérer les appareils
   

HPE Resources
 * Centre de support HPE
   
 * HPE Financial Services
   
 * HPE Developer Community
   
 * Communautés HPE
   


Fermer

 * Sign Out
   

Fermer

 * HPE GreenLake
 * Produits
 * Support
 * Contact

 * Tableau de bord
 * Applications
 * Devices
 * Gérer

   
 * France (FR)
   






CENTRE D'ASSISTANCE


Passer au contenu principal
Basculement du menu

 * Page d'accueil
   
   Page d'accueil
    * Centre d'assistance HPE
    * Espace de travail

 * Gérer
   
   Gérer
    * Créer un dossier
    * Mes dossiers
    * Mes contrats
    * Crédits de service

 * Services
   
   Services
    * HPE GreenLake
    * HPE Pointnext Complete Care
    * HPE Datacenter Care
    * HPE Pointnext Tech Care
    * HPE Proactive Care Advanced
    * HPE Proactive Care
    * HPE Foundation Care

 * Produits
   
   Produits
    * Mes produits
    * HPE InfoSight
    * HPE GreenLake Central
    * S'inscrire aux alertes de produit

 * Téléchargements
   
   Téléchargements
    * Trouver des pilotes et logiciels
    * Mon HPE Software Center
    * Gestion des correctifs

 * Connaissances
   
   Connaissances
    * Trouver des documents
    * Résolutions courantes
    * Tech Tips
    * QuickSpecs
    * Manuels
    * Bulletins de sécurité
    * Vidéos
    * Forums

 * Ressources
   
   Ressources
    * Vos informations
    * Vérification de garantie
    * Portail d'assistance HPE Aruba
    * Mon référentiel de documents
    * Mots de passe de diagnostic
    * Importer/Exporter des données de classification
    * Forums communautaires HPE
    * Valider les pièces d’équipement
    * iLO Amplifier Pack





CENTRE D'ASSISTANCE

2

Vous avez 2 nouvelles notifications.


 * Mode sombre
   
 * 
   France - Français
 * Connexion

Rechercher dans l'assistance HPE




Manage privacy and data collection on HPE.com


Anglais
AnglaisJaponais
0 résultat(s) trouvé(s)

Aucun résultat n'a été trouvé


HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System
(vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information,
Remote Denial of Service (DoS), Remote Disclosure of Information
SECURITY BULLETIN

Document ID: c05247375

Version: 1

HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System
(vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information,
Remote Denial of Service (DoS), Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2016-08-29

Last Updated: 2016-08-29

--------------------------------------------------------------------------------

Potential Security Impact: Remote Denial of Service (DoS), Disclosure of
Information, Unauthorized Modification Of Information

Source: Hewlett Packard Enterprise, HPE Product Security Response Team


VULNERABILITY SUMMARY

Potential vulnerabilities have been identified in the lighttpd and OpenSSH
version used in HPE Remote Device Access: Virtual Customer Access System (vCAS).
These vulnerabilities could be exploited remotely resulting in unauthorized
modification of information, denial of service (DoS), and disclosure of
information.

References:
 * CVE-2015-3200
 * CVE-2016-0777
 * CVE-2016-0778
 * PSRT110211


SUPPORTED SOFTWARE VERSIONS*: ONLY IMPACTED VERSIONS ARE LISTED.

HPE Remote Device Access: Virtual Customer Access System (vCAS) - v15.07 (RDA
8.1) and earlier.


BACKGROUND

CVSS Version 3.0 and Version 2.0 Base Metrics
Reference
V3 Vector
V3 Base Score
V2 Vector
V2 Base Score
CVE-2015-3200
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0
CVE-2016-0777
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
4.0
CVE-2016-0778
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
6.5

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002


RESOLUTION

HPE has made the following updates available to resolve the vulnerabilities in
Remote Device Access: Virtual Customer Access System (vCAS)

 * vCAS 16.05 (RDA 8.7) kits - hp-rdacas-16.05-10482-vbox.ova and
   hp-rdacas-16.05-10482.ova.
   
    * The Oracle VirtualBox kit is available at:
      https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482-vbox.ova
   
    * The VMware ESX(i) and VMware Player kit is available at:
      https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482.ova

HISTORY
Version:1 (rev.1) - 29 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software products
should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:

 * Web Form: https://www.hpe.com/info/report-security-vulnerability

 * Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the
title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

System management and security procedures must be reviewed frequently to
maintain system integrity. HPE is continually reviewing and enhancing the
security features of software products to provide customers with current secure
solutions.


"HPE is broadly distributing this Security Bulletin in order to bring to the
attention of users of the affected HPE products the important security
information contained in this Bulletin. HPE recommends that all users determine
the applicability of this information to their individual situations and take
appropriate action. HPE does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HPE will not be
responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HPE
disclaims all warranties, either express or implied, including the warranties of
merchantability and fitness for a particular purpose, title and
non-infringement."

©Copyright 2023 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or
editorial errors or omissions contained herein. The information provided is
provided "as is" without warranty of any kind. To the extent permitted by law,
neither HPE nor its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or services;
or damages for loss of data, or software restoration. The information in this
document is subject to change without notice. Hewlett Packard Enterprise
Development and the names of Hewlett Packard Enterprise Development products
referenced herein are trademarks of Hewlett Packard Enterprise Development in
the United States and other countries. Other product and company names mentioned
herein may be trademarks of their respective owners.

Produits associés
HPE Remote Device Access Software

Produits associés

Sur cette page
Sur cette page
 * VULNERABILITY SUMMARY
 * SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
 * BACKGROUND
 * RESOLUTION

Avis juridique: Les produits vendus avant le 1er novembre 2015, date de la
séparation de Hewlett-Packard Company en Hewlett Packard Enterprise Company et
HP Inc. peuvent avoir d'autres noms et des numéros de modèle différents des
versions actuelles.
Hewlett Packard Enterprise est convaincu qu'il faut être inclusif sans
condition. Les travaux de travaux de remplacement des termes non inclusifs dans
nos produits actifs sont en cours.

Ces informations ont-elles été utiles ?



Merci !

Commentaires


ENTREPRISE
À propos de HPEAccessibilitéCarrièresContactez-nousResponsabilité
d’entrepriseDiversité mondiale et inclusionDéclaration de transparence de HPE
relative à l’esclavage moderne (PDF)Hewlett Packard LabsRelations avec les
investisseursLeadershipPolitique généraleIndices pour l’égalité professionnelle
Femmes-Hommes
DÉCOUVRIR
Intelligence artificielleCloud ComputingConteneursMachine LearningGlossaire de
l’entreprise
ACTUALITÉS ET ÉVÈNEMENTS
NewsroomHPE DiscoverÉvénementsWebinaires
PARTENAIRES
Programmes partenairesRechercher un partenaireCertificationsEzmeral Marketplace
SUPPORT TECHNIQUE
Support produitLogiciels et pilotesVérification de garantieServices d'assistance
améliorésFormationRetour et recyclage de produits
Communautés
Communauté HPEAruba AirheadsCommunauté HPE Tech ProHPE Developer CommunityTous
les blogs et forums
RESSOURCES CLIENT
Témoignages de clientComment acheterServices de financementExecutive Briefing
CenterInscription par e-mailHPE MyAccountBibliothèque de ressourcesGalerie
vidéoInscription au programme Voice of the Customer
SUIVRE HPE

© Copyright 2023 Hewlett Packard Enterprise Development LP
   
 * Confidentialité
   
   
 * Conditions générales
   
   
 * Choix des publicités et cookies
   
   
   
   

This page has an error. You might just need to refresh it.
[NoErrorObjectAvailable] Script error.