Symantec Reporting Server Password Information Disclosure Vulnerability
BID:24312
Info
Symantec Reporting Server Password Information Disclosure Vulnerability
| Bugtraq ID: | 24312 |
| Class: | Design Error |
| CVE: |
CVE-2007-3022 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2007 12:00AM |
| Updated: | Jun 06 2007 04:40PM |
| Credit: | Mikko Korpp is credited with the discovery of this vulnerability. |
| Vulnerable: |
Symantec Reporting Server 1.0.197.0 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security 3.1 .396 Symantec Client Security 3.1 .394 Symantec Client Security 3.1 Symantec AntiVirus Corporate Edition 10.1 .401 Symantec AntiVirus Corporate Edition 10.1 .400 Symantec AntiVirus Corporate Edition 10.1 .396 Symantec AntiVirus Corporate Edition 10.1 .394 Symantec AntiVirus Corporate Edition 10.1 |
| Not Vulnerable: |
Symantec Reporting Server 1.0.224.0 Symantec Client Security 3.1.6.6000 Symantec AntiVirus Corporate Edition 10.1.6.600 |
Discussion
Symantec Reporting Server Password Information Disclosure Vulnerability
Symantec Reporting Server is prone to an information-disclosure vulnerability.
Successfully exploiting this issue would allow an attacker to obtain sensitive information that will allow the attacker to gain administrative access to the server database.
Symantec Reporting Server is prone to an information-disclosure vulnerability.
Successfully exploiting this issue would allow an attacker to obtain sensitive information that will allow the attacker to gain administrative access to the server database.
Exploit / POC
Symantec Reporting Server Password Information Disclosure Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Symantec Reporting Server Password Information Disclosure Vulnerability
Solution:
The vendor released an update and an advisory to address this issue. Please see the references for more information.
Solution:
The vendor released an update and an advisory to address this issue. Please see the references for more information.
References
Symantec Reporting Server Password Information Disclosure Vulnerability
References:
References:
- SYM07-011: Symantec Reporting Server Password Disclosure (Symantec)
- Symantec Client Security Homepage (Symantec)
- Symantec Reporting Server Homepage (Symantec )
- SYM07-011 Symantec Reporting Server password disclosure (Symantec)