Vulnerability Description
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openconnect | Webconnect | 6.4.4 |
References
- http://marc.info/?l=bugtraq&m=110910838600145&w=2
- http://secunia.com/advisories/14006/Patch
- http://www.cirt.dk/advisories/cirt-29-advisory.pdfExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/628411Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JSHA-69HVPKThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19394
- http://marc.info/?l=bugtraq&m=110910838600145&w=2
- http://secunia.com/advisories/14006/Patch
- http://www.cirt.dk/advisories/cirt-29-advisory.pdfExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/628411Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JSHA-69HVPKThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19394
FAQ
What is CVE-2004-0465?
CVE-2004-0465 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" seque...
How severe is CVE-2004-0465?
CVE-2004-0465 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0465?
Check the references section above for vendor advisories and patch information. Affected products include: Openconnect Webconnect.