Описание
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
Ссылки
- Patch
- ExploitPatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Patch
- ExploitPatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:openconnect:webconnect:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:openconnect:webconnect:6.5:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.22387
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
EPSS
Процентиль: 96%
0.22387
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other