{"href": "https://www.seebug.org/vuldb/ssvid-78813", "status": "poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "OpenConnect WebConnect 6.4/6.5 jretest.html Traversal Arbitrary File Access", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-78813", "cvelist": [], "description": "No description provided by source.", "viewCount": 17, "published": "2014-07-01T00:00:00", "sourceData": "\n source: http://www.securityfocus.com/bid/12613/info\r\n\r\nOpenConnect WebConnect is reported prone to multiple vulnerabilities. The following individual issues are reported:\r\n\r\nWebConnect is reported prone to a remote denial of service vulnerability.\r\n\r\nA remote attacker may exploit this vulnerability to crash the WebConnect software and deny service for legitimate users.\r\n\r\nA directory traversal vulnerability is also reported to affect WebConnect. This issue is reported to exist due to a lack of sufficient sanitization performed on a user-supplied URI parameter that is passed to the 'jretest.html' script.\r\n\r\nA remote attacker may exploit this vulnerability to disclose the contents of server readable files.\r\n\r\nhttp://www.example.com:2080/jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action=\r\nhttp://www.example.com:2080/COM1 \r\n\n ", "id": "SSV:78813", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T16:54:09", "reporter": "Root", "enchantments": {"score": {"value": 7.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 7.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645456952, "score": 1683911323, "epss": 1678850553}, "_internal": {"score_hash": "1980845b895a9b8053da86a5fe9ea70f"}}
OpenConnect WebConnect 6.4/6.5 jretest.html Traversal Arbitrary File Access