製品・ソフトウェアに関する情報

JVN脆弱性詳細

Symantec Client Security および SAV CE などで使用される Symantec Reporting Server における "認証システムを無効にされる" 脆弱性

Title	Symantec Client Security および SAV CE などで使用される Symantec Reporting Server における "認証システムを無効にされる" 脆弱性
Summary	Symantec Client Security および Symantec AntiVirus Corporate Edition (SAV CE) などで使用される Symantec Reporting Server には、"認証システムを無効にされる"、および認証を回避される脆弱性が存在します。
Possible impacts	攻撃者により、"認証システムを無効にされる"、および認証を回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 5, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

Affected System

シマンテック

client security 3.1 およびそれ以降

Norton AntiVirus Corporate Edition (SAV CE) 10.1 およびそれ以降

reporting server 1.0.197.0 および 1.0.224.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3095	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3095
National Vulnerability Database (NVD)
2	CVE-2007-3095	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3095

ベンダー情報

No	Name	URL
Symantec Corporation
1	SYM07-011	http://www.symantec.com/avcenter/security/Content/2007.06.05.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3095

Summary	Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
Summary	Vulnerabilidad no especificada en Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como el usado en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, permite a atacantes remotos "deshabilitar el sistema de autenticación" y evitar la autenticación mediante vectores no especificados.
Publication Date	June 7, 2007, 7:30 a.m.
Registration Date	Jan. 29, 2021, 2:14 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:client_security:3.1:::::::*
cpe:2.3:a:symantec:client_security:3.1.394:::::::*
cpe:2.3:a:symantec:client_security:3.1.396:::::::*
cpe:2.3:a:symantec:client_security:3.1.400:::::::*
cpe:2.3:a:symantec:client_security:3.1.401:::::::*
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
cpe:2.3:a:symantec:reporting_server::::::::		1.0.197.0

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/36107	cve@mitre.org
2	http://secunia.com/advisories/25543	cve@mitre.org
3	http://www.securityfocus.com/bid/24325	cve@mitre.org
4	http://www.securitytracker.com/id?1018196	cve@mitre.org
5	http://www.symantec.com/avcenter/security/Content/2007.06.05.html	cve@mitre.org
6	http://www.vupen.com/english/advisories/2007/2074	cve@mitre.org
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/34895	cve@mitre.org
8	http://osvdb.org/36107	af854a3a-2127-422b-91ae-364da2661108
9	http://secunia.com/advisories/25543	af854a3a-2127-422b-91ae-364da2661108
10	http://www.securityfocus.com/bid/24325	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securitytracker.com/id?1018196	af854a3a-2127-422b-91ae-364da2661108
12	http://www.symantec.com/avcenter/security/Content/2007.06.05.html	af854a3a-2127-422b-91ae-364da2661108
13	http://www.vupen.com/english/advisories/2007/2074	af854a3a-2127-422b-91ae-364da2661108
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/34895	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:client_security:3.1:::::::*
cpe:2.3:a:symantec:client_security:3.1.394:::::::*
cpe:2.3:a:symantec:client_security:3.1.396:::::::*
cpe:2.3:a:symantec:client_security:3.1.400:::::::*
cpe:2.3:a:symantec:client_security:3.1.401:::::::*
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
cpe:2.3:a:symantec:reporting_server::::::::		1.0.197.0