OpenConnect WebConnect Multiple Remote Vulnerabilities
BID:12613
Info
OpenConnect WebConnect Multiple Remote Vulnerabilities
| Bugtraq ID: | 12613 |
| Class: | Unknown |
| CVE: |
CVE-2004-0466 CVE-2004-0465 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of these vulnerabilities is credited to Dennis Rand. |
| Vulnerable: |
OpenConnect WebConnect 6.4.4 OpenConnect WebConnect 6.5 |
| Not Vulnerable: | |
Discussion
OpenConnect WebConnect Multiple Remote Vulnerabilities
OpenConnect WebConnect is reported prone to multiple vulnerabilities. The following individual issues are reported:
WebConnect is reported prone to a remote denial of service vulnerability.
A remote attacker may exploit this vulnerability to crash the WebConnect software and deny service for legitimate users.
A directory traversal vulnerability is also reported to affect WebConnect. This issue is reported to exist due to a lack of sufficient sanitization performed on a user-supplied URI parameter that is passed to the 'jretest.html' script.
A remote attacker may exploit this vulnerability to disclose the contents of server readable files.
OpenConnect WebConnect is reported prone to multiple vulnerabilities. The following individual issues are reported:
WebConnect is reported prone to a remote denial of service vulnerability.
A remote attacker may exploit this vulnerability to crash the WebConnect software and deny service for legitimate users.
A directory traversal vulnerability is also reported to affect WebConnect. This issue is reported to exist due to a lack of sufficient sanitization performed on a user-supplied URI parameter that is passed to the 'jretest.html' script.
A remote attacker may exploit this vulnerability to disclose the contents of server readable files.
Exploit / POC
OpenConnect WebConnect Multiple Remote Vulnerabilities
The following examples and exploits are available:
http://www.example.com:2080/jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action=
http://www.example.com:2080/COM1
The following examples and exploits are available:
http://www.example.com:2080/jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action=
http://www.example.com:2080/COM1
Solution / Fix
OpenConnect WebConnect Multiple Remote Vulnerabilities
Solution:
It is reported that the vendor has addressed these vulnerabilities in version 6.5.1. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate update.
Solution:
It is reported that the vendor has addressed these vulnerabilities in version 6.5.1. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate update.
References
OpenConnect WebConnect Multiple Remote Vulnerabilities
References:
References: