Qbik WinGate信息披露漏洞

漏洞信息详情

Qbik WinGate信息披露漏洞

• CNNVD编号：CNNVD-200412-057
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0578
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2004-12-06
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-22
  
• 厂        商：
  
  qbik
• 漏洞来源：
  An anonymous contr…

WinGate 5.2.3 build 901和 6.0 beta 2 build 942，和如5.0.5的其他版本存在漏洞。远程攻击者借助wingate-内部目录中URL请求的前导斜线（/ /）字符读取任意文件。

The vendor has released an upgrade dealing with this issue.
Qbik WinGate Plus 5.0.5

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

Qbik WinGate Pro 5.0.5

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

Qbik WinGate Plus 5.2.3 Build 901

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

Qbik WinGate Pro 5.2.3 Build 901

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

Qbik WinGate Pro 6.0 Beta 2 Build 942

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

Qbik WinGate Plus 6.0 Beta 2 Build 942

• Qbik WinGate6.0.0.963-USE.EXE
  
  http://www334.pair.com/qbiknz/downloads/WinGate6.0.0.963-USE.EXE

来源: XF
名称: wingate-directory-traversal(16589)
链接:http://xforce.iss.net/xforce/xfdb/16589

来源: FULLDISC
名称: 20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m=108872788123695&w=2

来源: www.idefense.com
链接:http://www.idefense.com/application/poi/display?id=113