2 matches found
CVE-2004-0466
The CVE-2004-0466 issue affects OpenConnect WebConnect (Windows) versions 6.4.4 and 6.5 (and possibly earlier). A denial-of-service vulnerability occurs when an HTTP request URL contains an MS-DOS device name (AUX, CON, PRN, COM1, LPT1); the server may stop responding to further requests, causing...
CVE-2004-0465
OpenConnect WebConnect (WebConnect 6.4.4, 6.5 and possibly earlier) is vulnerable to a read-only directory traversal in the jretest.html page. By sending a crafted request that abuses the WCP_USER parameter (using ..// sequences), an attacker can read INI-style files outside the webroot and view ...