Family: CGI abuses --> Category: infos
Multiple vulnerabilities in OpenConnect WebConnect < 6.5.1 Vulnerability Scan
Vulnerability Scan Summary : Checks for multiple vulnerabilities in OpenConnect WebConnect < 6.5.1
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a Java application that is vulnerable to
multiple attacks.
Description :
The remote host is running OpenConnect WebConnect, a web-based graphical
user interface that gives remote users console access to mainframe,
midrange, and Unix systems using a Java-based telnet console which
communicates securely over HTTP. OC WebConnect 6.44 and 6.5 (and
possibly previous versions) have multiple remote vulnerabilities :
- A remote attacker can cause a denial of service by sending an
  HTTP GET or POST request that contains an MS-DOS device name
  (Windows platforms only).
- A read-only directory traversal vulnerability in 'jretest.html'
  allows exposure of files that are in an INI-style format (any
  platform).
See also :
http://cirt.dk/advisories/cirt-29-advisory.pdf
Solution :
Upgrade to OpenConnect WebConnect 6.5.1 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)