{"status":"success","advisory":{"_id":"683547205b16347a91c39c67","kb_acknowledgements":null,"kb_affected_list":["OnCommand Workflow Automation"],"kb_bad_data":false,"kb_cve":["CVE-2003-1567"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa_linux/3.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized information disclosure and modification.","kb_internal_notes":[{"burt":"835578","jira":"","product":"OnCommand Workflow Automation"}],"kb_investigating_list":[],"kb_num":"9010046","kb_ref":["http://static.tenable.com/documentation/reports/html/PCI_Scan_Plugin_w_Remediations.html#idp30054288","https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1567","http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=835578"],"kb_rev_history":[{"comment":"Initial Public Release; Final","date":"20151102","version":"1.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2003-1567":"CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2003-1567","range":"MEDIUM","score":5.2,"vector":"AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"The OnCommand Workflow Automation web server is configured with the TRACE and TRACK debugging functions enabled which allows unauthorized information disclosure and modification. OnCommand Workflow Automation versions below 3.1P1 are vulnerable.","kb_title":"Web Server Debugging Functions Vulnerability in OnCommand Workflow Automation","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp Storage Encryption","OnCommand Insight","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20151102-0001","adv_id":"ntap-20151102-0001","published_date":"2015-11-02T00:00:00","updated_date":"2015-11-02T00:00:00","inserted_date":"2025-05-27T05:01:20.257000","modified_date":null}}