Published:2017/01/19  Last Updated:2017/03/10

JVNVU#91417143
Multiple vulnerabilities in GigaCC OFFICE

Overview

GigaCC OFFICE provided by WAM!NET Japan K.K. contains multiple vulnerabilities.

Products Affected

  • GigaCC OFFICE ver.2.3 and earlier
For more information, refer to the information provided by the developer.

Description

  • Mis-configuration of Apache Velocity template engine which is used to send emails - CVE-2016-7844
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Base Score: 5.5
    CVSS v2 AV:N/AC:M/Au:S/C:P/I:P/A:P Base Score: 6.0
  • Apache Struts 1 vulnerability that allows unintended remote operations against components on server memory - CVE-2016-1181
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.1
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
  • Arbitrary files may be uploaded - CVE-2016-7845
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Base Score: 5.4
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:P Base Score: 5.5

Impact

  • Sending emails using a specially crafted mail template may result in an arbitrary OS command executed on the server - CVE-2016-7844
  • Denial of Service (DoS) condition may be caused by processing a specially crafted request - CVE-2016-1181
  • An arbitrary file can be uploaded as a profile image file by a user, which may be used for unauthorized file sharing - CVE-2016-7845

Solution

Solution for CVE-2016-7844 and CVE-2016-1181 vulnerabilities:
Update to the latest version and then apply a patch
Update to GigaCC OFFICE ver.2.3 and then apply an appropriate patch according to the information provided by the developer.

Solution for CVE-2016-7845 vulnerability:
Update to the latest version and apply Patch 1, and then apply an update module
Update to Giga CC OFFICE ver.2.4 and apply Patch 1, and then apply an update module according to the information provided by the developer.
 

Vendor Status

Vendor Link
WAM!NET Japan K.K. Notification of vulnerabilities in GigaCC OFFICE

References

  1. The Apache Velocity Project
    SecureUberspector (Apache Velocity 2.0-SNAPSHOT API)
  2. Japan Vulnerability Notes JVN#03188560
    Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.

Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.
Masaki Yoshikawa of Recruit Technologies Co.,Ltd.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2016-1181
CVE-2016-7844
CVE-2016-7845
JVN iPedia