Symantec Reporting Server Authentication Bypass Vulnerability
BID:24325
Info
Symantec Reporting Server Authentication Bypass Vulnerability
| Bugtraq ID: | 24325 |
| Class: | Design Error |
| CVE: |
CVE-2007-3095 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | This issue was discovered internally by the vendor. |
| Vulnerable: |
Symantec Reporting Server 1.0.197.0 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security 3.1 .396 Symantec Client Security 3.1 .394 Symantec Client Security 3.1 Symantec AntiVirus Corporate Edition 10.1 .401 Symantec AntiVirus Corporate Edition 10.1 .400 Symantec AntiVirus Corporate Edition 10.1 .396 Symantec AntiVirus Corporate Edition 10.1 .394 Symantec AntiVirus Corporate Edition 10.1 |
| Not Vulnerable: |
Symantec Reporting Server 1.0.224.0 Symantec Client Security 3.1.6.6000 Symantec AntiVirus Corporate Edition 10.1.6.600 |
Discussion
Symantec Reporting Server Authentication Bypass Vulnerability
Symantec Reporting Server is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain access to the reporting database.
Symantec Reporting Server is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain access to the reporting database.
Exploit / POC
Symantec Reporting Server Authentication Bypass Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symantec Reporting Server Authentication Bypass Vulnerability
Solution:
The vendor released an update and an advisory to address this issue. Please see the references for more information.
Solution:
The vendor released an update and an advisory to address this issue. Please see the references for more information.
References
Symantec Reporting Server Authentication Bypass Vulnerability
References:
References:
- SYM07-011: Symantec Reporting Server Password Disclosure (Symantec)
- Symantec Client Security Homepage (Symantec)
- Symantec Reporting Server Homepage (Symantec )
- SYM07-011 Symantec Reporting Server password disclosure (Symantec)