|
Family: CGI abuses --> Category: infos
PatchLink Update Server proxyreg.asp Authentication Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to list registered proxy server in PatchLink Update Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP script that is prone to an
authentication bypass attack.
Description :
The remote host is running PatchLink Update Server, a patch and
vulnerability management solution.
The version of PatchLink Update Server installed on the remote fails
to check for authentication credentials before providing access to the
'/dagent/proxyreg.asp' script. A possible hacker can exploit this issue to
list, delete, or add proxies used by the PatchLink FastPatch software.
Note that Novell ZENworks Patch Management is based on PatchLink
Update Server and is affected as well.
See also :
http://www.securityfocus.com/archive/1/438710/30/0/threaded
http://support.novell.com/cgi-bin/search/searchtid.cgi?10100709.htm
Solution :
Apply patch 6.1 P1 / 6.2 SR1 P1 if using PatchLink Update Server or
6.2 SR1 P1 if using Novell ZENworks Patch Management.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|