Macromedia Dreamweaver Remote User Database Access Vulnerability
BID:10036
Info
Macromedia Dreamweaver Remote User Database Access Vulnerability
| Bugtraq ID: | 10036 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2004 12:00AM |
| Updated: | Apr 02 2004 12:00AM |
| Credit: | This issue was disclosed in the referenced vendor advisory. |
| Vulnerable: |
Macromedia Dreamweaver Ultradev 4.0 Macromedia Dreamweaver MX 6.1 Macromedia Dreamweaver MX 6.0 Macromedia Dreamweaver MX 2004 |
| Not Vulnerable: | |
Discussion
Macromedia Dreamweaver Remote User Database Access Vulnerability
A vulnerability that may allow remote users to gain unauthorized access to web application databases has been reported to affect Dreamweaver when configured to access a remote database. This issue is due to a configuration error that allows remote users to access web based database interface scripts.
This issue may be leveraged to allow a remote attacker to gain privileged access to the affected database through the Dreamweaver application. This may allow for the corruption or disclosure of sensitive data, other attacks may be possible as well.
A vulnerability that may allow remote users to gain unauthorized access to web application databases has been reported to affect Dreamweaver when configured to access a remote database. This issue is due to a configuration error that allows remote users to access web based database interface scripts.
This issue may be leveraged to allow a remote attacker to gain privileged access to the affected database through the Dreamweaver application. This may allow for the corruption or disclosure of sensitive data, other attacks may be possible as well.
Exploit / POC
Macromedia Dreamweaver Remote User Database Access Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Macromedia Dreamweaver Remote User Database Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Macromedia Dreamweaver Remote User Database Access Vulnerability
References:
References:
- Macromedia Homepage (Macromedia)
- MPSB 04-05 Potential Risk in Dreamweaver Remote Database Connectivity (Macromedia)