Barracuda Spam Firewall web-ui Multiple CGI Unauthenticated Access

2005-03-14T01:21:38
ID OSVDB:19714
Type osvdb
Reporter Adam Pointon(adam.pointon@assurance.com.au)
Modified 2005-03-14T01:21:38

Description

Solution Description

Upgrade to version 3.1.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

/cgi-bin/mail_queue.cgi /cgi-bin/mark.cgi /cgi-bin/preview_email.cgi /cgi-bin/show_queues.cgi /cgi-bin/request_web.cgi /cgi-bin/request_support.cgi /cgi-bin/show_quar_queues.cgi /cgi-bin/show_sync_queue.cgi /cgi-bin/stats.cgi

References:

Vendor URL: http://www.barracudanetworks.com/ Vendor Specific Advisory URL Related OSVDB ID: 19713 Other Advisory URL: http://www.assurance.com.au/advisories/200503-barracuda.txt