Lucene search
RootSSV:61451HistoryFeb 17, 2014 - 12:00 a.m.
CA 2E Web Option 8.1.2身份验证绕过漏洞
2014-02-1700:00:00
Root
www.seebug.org
24
0.024 Low
EPSS
Percentile
88.6%
CVE(CAN) ID: CVE-2014-1219
CA 2E Web Option是CA 2E应用Web接口开发工具。
CA 2E Web Option (r8.1.2)生成会议令牌的方式可以预测,在实现上存在安全漏洞,这可使远程攻击者绕过身份验证机制。
0
CA 2E Web Option 8.1.2
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.ca.com/us/~/media/files/productbriefs/cs3003-ca-2e-web-option.aspx
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option
CVE: CVE-2014-1219
Vendor: CA
Product: 2E Web Option
Affected version: 8.1.2
Fixed version: N/A
Reported by: Mike Emery
Details:
CA 2E Web Option (r8.1.2) and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token.
The POST parameter session token W2E_SSNID appears as follows:
W2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013CLSpKfgkCJSLKsc600061JKenjKnE
JuNX9GoVjCEbqIuKh6kFRvbzYnUxgQtONszJldyAar3LtTSwsmBLpdlPc5iDH4Zf75
However, this token is poorly validated, leading to
W2E_SSNID=3DW90NIxGoSsN1023ZYW2E735182000013
being accepted as a valid session. By incrementing and
decrementing the digits at the end of the value given above, it is
possible to control the session at the given ID. This token is sent as
part of the login page, and as such, can be manipulated by an
unauthenticated attacker, giving them access to any valid session.
Consequentially, it is possible to access the following page as such:
https://app.domain.co.uk/web2edoc/close.htm?SSNID=3DW90NIxGoSsN1023ZYW2E735182000026
Ending the session specified, which could lead to a denial of service condition.
Further details at:
http://portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
Related
prion
prion
Code injection
2014-02-14 13:10:00
seebug
seebug
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-07-01 00:00:00
zdt
zdt
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability
2014-02-13 00:00:00
exploitpack
exploitpack
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-02-13 00:00:00
packetstorm
packetstorm
CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service
2014-02-13 00:00:00
securityvulns
securityvulns
CA20140218-01: Security Notice for CA 2E Web Option
2014-04-01 00:00:00
CA 2E Web Option session spooging
2014-04-01 00:00:00
cvelist
cvelist
CVE-2014-1219
2014-02-13 22:00:00
cve
cve
CVE-2014-1219
2014-02-14 13:10:00
exploitdb
exploitdb
CA 2E Web Option 8.1.2 - Authentication Bypass
2014-02-13 00:00:00