3 matches found
CVE-2013-4098
The CVE-2013-4098 entry concerns DS3 Authentication Server, where ServerAdmin/ErrorViewer.jsp accepts a message parameter that can be used to inject arbitrary error-page text. The public descriptions (NVD, Red Hat, CVE record) repeat this flaw, and an OpenVAS plugin notes DS3 has multiple vulnera...
CVE-2013-4096
The CVE-2013-4096 issue affects the DS3 Authentication Server’s ServerAdmin/TestTelnetConnection.jsp where remote authenticated users can execute arbitrary commands by injecting shell metacharacters into HOST_NAME. The NVD entry documents a high impact (CVSSv2 9.0, network access, no authenticati...
CVE-2013-4097
DS3 Authentication Server is affected by a information disclosure vulnerability. The issue occurs in ServerAdmin/TestDRConnection.jsp where remote attackers can obtain sensitive information via a direct request, revealing the installation path in a -REG-E-OPEN error message. The CVE record is cor...