CVE-2002-0301
CVSS5.0
发布时间 :2002-05-31 00:00:00
修订时间 :2016-10-17 22:18:42
NMCOS    

[原文]Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.


[CNNVD]Citrix NFuse Network信息泄露漏洞(CNNVD-200205-125)

        Citrix NFuse 1.6版本存在漏洞。远程攻击者通过直接调用带有有效NFUSE_USER和NFUSE_PASSWORD参数的launch.asp绕过认证且获取敏感信息。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0301
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0301
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-125
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101424947801895&w=2
(UNKNOWN)  BUGTRAQ  20020220 Re: Citrix NFuse 1.6 - additional network exposure
http://www.securityfocus.com/bid/4142
(UNKNOWN)  BID  4142

- 漏洞信息

Citrix NFuse Network信息泄露漏洞
中危 设计错误
2002-05-31 00:00:00 2005-10-20 00:00:00
远程  
        Citrix NFuse 1.6版本存在漏洞。远程攻击者通过直接调用带有有效NFUSE_USER和NFUSE_PASSWORD参数的launch.asp绕过认证且获取敏感信息。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

6671
Citrix NFuse launch.asp Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Upgrade
Exploit Public Vendor Verified

- 漏洞描述

- 时间线

2002-02-20 Unknow
Unknow 2002-05-24

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 1.61, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Citrix NFuse Network Information Disclosure Vulnerability
Design Error 4142
Yes No
2002-02-20 12:00:00 2009-07-11 10:56:00
Discovered by Bob Fiero <bfiero@mentalfloss.net>.

- 受影响的程序版本

Citrix Nfuse 1.6

- 漏洞讨论

Citrix NFuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

An issue has been reported in NFuse which could allow a remote user to reveal network structure information of a host.

Reportedly, submitting a request while specifying the 'NFUSE_USER' and 'NFUSE_PASSWORD' parameters with arbitrary information, could reveal network structure information including server and domain names.

If this issue is successfully exploited, an attacker may use this information to assist in further attacks against the host.

- 漏洞利用

No exploit code required.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站