Allmanage管理员密码检索漏洞

漏洞信息详情

Allmanage管理员密码检索漏洞

• CNNVD编号：CNNVD-200005-051
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0435
  
• 漏洞类型：
  
  
  配置错误
  
• 发布时间：
  
  2000-05-13
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  matthew_redman
• 漏洞来源：
  Posted to bugtraq …

allmanageup.pl文件上传Allmanage Website administration software 2.6 的CGI脚本存在漏洞，远程攻击者可以直接调用来修改用户账号和web页面。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
This problem can be circumvented by setting permissions on the file ../k in the Allmanage directory to refuse remote reading.

来源: BID
名称: 1217
链接:http://www.securityfocus.com/bid/1217

来源: OSVDB
名称: 1337
链接:http://www.osvdb.org/1337

来源: BUGTRAQ
名称: 20000516 Allmanage.pl Vulnerabilities
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html