发布时间 :2001-02-12 00:00:00
修订时间 :2008-09-05 16:22:08

[原文]HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

[CNNVD]Watchguard SOHO防火墙HTTP请求漏洞(CNNVD-200102-027)

        WatchGuard SOHO防火墙上的HTTP服务器不正确现在管理函数访问,如密码重设或重启。攻击者可以利用该漏洞导致服务拒绝或管理未授权行为。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  ISS  20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
(UNKNOWN)  XF  watchguard-soho-web-auth(5554)

- 漏洞信息

Watchguard SOHO防火墙HTTP请求漏洞
危急 访问验证错误
2001-02-12 00:00:00 2005-05-13 00:00:00
        WatchGuard SOHO防火墙上的HTTP服务器不正确现在管理函数访问,如密码重设或重启。攻击者可以利用该漏洞导致服务拒绝或管理未授权行为。

- 公告与补丁

        Watchguard has addressed this vulnerability with the latest release of SOHO Firewall. The latest version can be downloaded at the following location:

- 漏洞信息

WatchGuard Firebox SOHO Web Config Server Unauthenticated Access Bypass
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

Watchguard Firebox SOHO firewall contains a flaw that may allow a remote attacker to bypass authentication for the Web administration interface. The issue is due to a flaw in the administration authentication that allows an attacker to directly access and modify the firewall's configuration options. By accessing the options directly, the attacker could modify settings or disable service.

- 时间线

2000-12-14 Unknow
2000-12-14 Unknow

- 解决方案

Upgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Watchguard SOHO Firewall HTTP Request Vulnerability
Access Validation Error 2119
Yes Yes
2000-12-14 12:00:00 2009-07-11 04:46:00
Discovered by Steven Maks and Keith Jarvis of Internet Security Systems <> and posted to Bugtraq on December 14, 2000.

- 受影响的程序版本

WatchGuard SOHO Firewall 2.1.3
WatchGuard SOHO Firewall 1.6
WatchGuard SOHO Firewall 2.2.1

- 不受影响的程序版本

WatchGuard SOHO Firewall 2.2.1

- 漏洞讨论

SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users.

It is possible for a remote intruder to gain inappropriate access to the system on which SOHO Firewall resides through specially formed HTTP requests. The web server component will grant access to known files when HTTP requests such as http://target/filename.ext are received. In addition, it is possible to perform administrative tasks such as rebooting SOHO firewall and resetting the administrative password without any authorization. For example, a remote attacker may reset the password by supplying a blank request for the /passcfg object. This will clear the administrative password and will yield access to administrative functions via HTTP.

- 漏洞利用

See discussion.

- 解决方案

Watchguard has addressed this vulnerability with the latest release of SOHO Firewall. The latest version can be downloaded at the following location:

- 相关参考