Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3167
HistoryApr 15, 2008 - 12:00 a.m.

OmniPCX Office远程信息泄露漏洞

2008-04-1500:00:00
Root
www.seebug.org
9

0.946 High

EPSS

Percentile

99.3%

JSON

BUGTRAQ ID: 28758
CVE(CAN) ID: CVE-2008-1331

阿尔卡特的OmniPCX Office是一套为中小型企业设计的统一通信解决方案。

OmniPCX Office的Internet Access服务所使用的一个CGI脚本没有正确地过滤某些特定参数,允许远程攻击者从Internet检索敏感信息。

Alcatel-Lucent OmniPCX Office >= 210/061.1
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

  • 禁止从Internet的WBM/WCA访问

对于R2.1到R4.1版本:

以管理帐号登录到WBM
找到Firewall配置屏幕
选择Firewall Settings URL
选择Services标签
反选Web-Based Management (WBM)
反选Web-Communication Assistant
应用修改
注销

对于R5.1到R6.1版本:

以管理帐号登录到WBM
找到Firewall配置屏幕
选择Firewall Settings URL
选择HTTP/HTTPS标签
反选HTTPS services (“Services available from WAN network using HTTPS”)
反选HTTP services (“Services available from WAN network using HTTP”)
应用修改
注销

厂商补丁:

Alcatel-Lucent

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www1.alcatel-lucent.com/products/productsummary.jsp?productNumber=tcm:228-1280151635” target=“_blank”>http://www1.alcatel-lucent.com/products/productsummary.jsp?productNumber=tcm:228-1280151635</a>

Related

prion 1
cvelist 1
checkpoint_advisories 1
securityvulns 1
nvd 1
cve 1
prion
prion
Design/Logic Flaw
2008-04-02 20:44:00
cvelist
cvelist
CVE-2008-1331
2008-04-02 20:00:00
checkpoint_advisories
checkpoint_advisories
Alcatel OmniPCX Office FastJSDatacgi id2 Parameter Command Execution - Ver2 (CVE-2008-1331)
2015-03-26 00:00:00
securityvulns
securityvulns
Alcatel OmniPCX cpmmands execution
2008-05-22 00:00:00
nvd
nvd
CVE-2008-1331
2008-04-02 20:44:00
cve
cve
CVE-2008-1331
2008-04-02 20:44:00

0.946 High

EPSS

Percentile

99.3%

JSON
Related for SSV:3167
prion1cvelist1checkpoint_advisories1securityvulns1nvd1cve1