Family: CGI abuses --> Category: infos
Multiple vulnerabilities in OpenConnect WebConnect < 6.5.1 Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in OpenConnect WebConnect < 6.5.1
Detailed Explanation for this Vulnerability Test
The remote web server contains a Java application that is vulnerable to
The remote host is running OpenConnect WebConnect, a web-based graphical
user interface that gives remote users console access to mainframe,
midrange, and Unix systems using a Java-based telnet console which
communicates securely over HTTP. OC WebConnect 6.44 and 6.5 (and
possibly previous versions) have multiple remote vulnerabilities :
- A remote attacker can bring about a denial of service by
  sending an HTTP GET or POST request with an MS-DOS device
  name in it (Windows platforms only).
- A read-only directory traversal vulnerability in 'jretest.html'
  allows exposure of files formatted in an INI-style format (any
See also :
Upgrade to OpenConnect WebConnect 6.5.1 or later.
Low / CVSS Base Score : 2