CVE-2004-0465

Properties

Published:
30.12.2004
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N) Approximated
    Product:
    OpenConnect: WebConnect
    OpenConnect: WebConnect

    Vulnerability description

    Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via"..//" sequences in the WCP_USER parameter.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110910838600145&w=2
    MISC: http://www.cirt.dk/advisories/cirt-29-advisory.pdf
    CONFIRM: http://www.kb.cert.org/vuls/id/JSHA-69HVPK
    CERT-VN: http://www.kb.cert.org/vuls/id/628411
    SECUNIA: http://secunia.com/advisories/14006/
    XF: http://xforce.iss.net/xforce/xfdb/19394
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110910838600145&w=2