Detections
Analytics

OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities

medium Nessus Plugin ID 17214

Language:

Synopsis

The remote web server contains a Java application that is vulnerable to multiple attacks.

Description

The remote host is running OpenConnect WebConnect, a web-based graphical user interface that gives remote users console access to mainframe, midrange, and Unix systems using a Java-based telnet console which communicates securely over HTTP. OC WebConnect 6.44 and 6.5 (and possibly previous versions) have multiple remote vulnerabilities :

 - A remote attacker can bring about a denial of service by sending an HTTP GET or POST request with an MS-DOS device name in it (Windows platforms only).

- A read-only directory traversal vulnerability in 'jretest.html' allows exposure of files formatted in an INI-style format (any platform).

Solution

Upgrade to OpenConnect WebConnect 6.5.1 or later.

See Also

http://marc.info/?l=bugtraq&m=110910838600145

Plugin Details

Severity: Medium

ID: 17214

File Name: ocwebconnect_multiple_vulns.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 2/24/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/21/2005

Reference Information

CVE: CVE-2004-0465, CVE-2004-0466

BID: 12613