CVE-2003-1463
CVSS 3.5
Published: 2003-12-31 00:00:00
Last modified: 2008-09-05 16:37:00

[Original] Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.


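[CNNVD] Alt-N Technologies WebAdmin absolute path traversal vulnerability (CNNVD-200312-378)

        Alt-N Technologies WebAdmin versions 2.0.0 through 2.0.2 contain an absolute path traversal vulnerability. A remote attacker with administrator privileges can (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.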

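- CVSS (base score)

CVSS score: 3.5 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [some access conditions must be met to exploit the vulnerability]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: SINGLE_INSTANCE [--]

- CWE (weakness category)

CWE-20 [Improper Input Validation]

- CPE (affected platforms and products)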

cpe:/a:alt-n:webadmin:2.0.0
cpe:/a:alt-n:webadmin:2.0.2
cpe:/a:alt-n:webadmin:2.0.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1463
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1463
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-378
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/11875
(UNKNOWN)  XF  webadmin-webadmindll-view-files(11875)
http://xforce.iss.net/xforce/xfdb/11874
(UNKNOWN)  XF  webadmin-webadmindll-path-disclosure(11874)
http://www.securityfocus.com/bid/7439
(UNKNOWN)  BID  7439
http://www.securityfocus.com/bid/7438
(UNKNOWN)  BID  7438
http://www.securityfocus.com/archive/1/319735
(UNKNOWN)  BUGTRAQ  20030425 Path disclosure and file access on WebAdmin
http://securityreason.com/securityalert/3286
(UNKNOWN)  SREASON  3286

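- Vulnerability information

Alt-N Technologies WebAdmin absolute path traversal vulnerability
Low risk    Unknown
2003-12-31 00:00:00 2003-12-31 00:00:00
Remote
        Alt-N Technologies WebAdmin versions 2.0.0 through 2.0.2 contain an absolute path traversal vulnerability. A remote attacker with administrator privileges can (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.

- Advisories and patches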

        

- Vulnerability information (22541)

Alt-N WebAdmin 2.0.x Remote File Viewing Vulnerability (EDBID:22541)
cgi remote
2003-04-25 Verified
0 david@kamborio.net
N/A
source: http://www.securityfocus.com/bid/7438/info

Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system.

NOTE: The user must have administrative privileges in WebAdmin to access these files.

http://server/WebAdmin.dll?Session=X&Program=MDaemon&Directory:Name=C:\WINNT&File:Name=WIN.INI&View=ViewFile

		

- Vulnerability information (22542)

Alt-N WebAdmin 2.0.x Remote File Disclosure Vulnerability (EDBID:22542)
cgi remote
2003-04-25 Verified
0 david@kamborio.net
N/A
source: http://www.securityfocus.com/bid/7439/info

Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

http://www.example.com/WebAdmin.dll?session=X&Program=MDaemon&Directory:Name=C:\MDaemon\App&File:Name=MDAEMON.INI&View=EditFile 		

- Vulnerability information

53493
Alt-N WebAdmin Name Parameter Arbitrary File Access
Remote / Network Access Input Manipulation

- Vulnerability description

- Timeline

2003-04-25 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete