Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7877
HistoryFeb 21, 2005 - 12:00 a.m.

[Full-Disclosure] The WebConnect 6.4.4 and 6.5 contains several vulnerabilities

2005-02-2100:00:00
vulners.com
10
JSON

The WebConnect 6.4.4 and 6.5 contains several vulnerabilities such as:

  • Denial of Service when requesting an DOS Device in Path Name
  • Reading of files outside webroot (Directory traversal)
    Requesting "DOS Device in Path Name" Denial of Service
    When requesting a DOS device in the URL the server will stop responding
    to any further requests before a manual restart of service has been made.
    This attack can be preformed on both the client website and the
    administration interface.
    Vulnerable versions:
  • WebConnect 6.4.4 (Possible previous versions)
  • WebConnect 6.5

CERT response:

  • VU#552561 CAN-2004-0466

Reading of files outside webroot (Directory traversal)
When sending a specially crafted request to the server it is possible to
read files outside the webroot. Since the service as default runs with
system rights, this could give access to the entire partition that WebConnect
are installed on.
Vulnerable versions:

  • WebConnect 6.4.4 (Possible previous versions)
    CERT response:
  • VU#628411 CAN-2004-0465

Read the full advisory for both the vulnerabilities at:
http://www.cirt.dk/

Related

nessus 1
cert 2
cve 2
nessus
nessus
OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities
2005-02-24 00:00:00
cert
cert
OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html
2005-02-21 00:00:00
OpenConnect Webconnect MS-DOS device name denial-of-service
2005-02-21 00:00:00
cve
cve
CVE-2004-0465
2004-12-31 05:00:00
CVE-2004-0466
2004-02-21 05:00:00
JSON
Related for SECURITYVULNS:DOC:7877
nessus1cert2cve2