OpenConnect WebConnect多个远程漏洞

漏洞信息详情

OpenConnect WebConnect多个远程漏洞

• CNNVD编号：CNNVD-200412-1020
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0465
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  openconnect
• 漏洞来源：
  Discovery of these…

WebConnect 6.5和6.4.4以及可能早期版本的jretest.html存在目录遍历漏洞。远程攻击者借助WCP_USER参数中的\”..//\”序列读取具有任意INI格式的文件密钥。

It is reported that the vendor has addressed these vulnerabilities in version 6.5.1. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate update.

来源:US-CERT Vulnerability Note: VU#JSHA-69HVPK
名称: http://www.kb.cert.org/vuls/id/JSHA-69HVPK
链接:http://www.kb.cert.org/vuls/id/JSHA-69HVPK

来源:US-CERT Vulnerability Note: VU#628411
名称: VU#628411
链接:http://www.kb.cert.org/vuls/id/628411

来源: XF
名称: webconnect-wcpuser-directory-traversal(19394)
链接:http://xforce.iss.net/xforce/xfdb/19394

来源: www.cirt.dk
链接:http://www.cirt.dk/advisories/cirt-29-advisory.pdf

来源: SECUNIA
名称: 14006
链接:http://secunia.com/advisories/14006/

来源: BUGTRAQ
名称: 20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110910838600145&w=2