Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: infos

Multiple vulnerabilities in OpenConnect WebConnect < 6.5.1 Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in OpenConnect WebConnect < 6.5.1

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a Java application that is vulnerable to
multiple attacks.

Description :

The remote host is running OpenConnect WebConnect, a web-based graphical
user interface that gives remote users console access to mainframe,
midrange, and Unix systems using a Java-based telnet console which
communicates securely over HTTP. OC WebConnect 6.44 and 6.5 (and
possibly previous versions) have multiple remote vulnerabilities :

- A remote attacker can bring about a denial of service by
sending an HTTP GET or POST request with an MS-DOS device
name in it (Windows platforms only).

- A read-only directory traversal vulnerability in 'jretest.html'
allows exposure of files formatted in an INI-style format (any

See also :

Solution :

Upgrade to OpenConnect WebConnect 6.5.1 or later.

Threat Level:

Low / CVSS Base Score : 2



P.O. Box 827051

Pembroke Pines, FL 33082-7051
