ID CVE-2004-0465
Summary Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:openconnect:webconnect:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:openconnect:webconnect:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openconnect:webconnect:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:openconnect:webconnect:6.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
cert-vn VU#628411
confirm http://www.kb.cert.org/vuls/id/JSHA-69HVPK
misc http://www.cirt.dk/advisories/cirt-29-advisory.pdf
secunia 14006
xf webconnect-wcpuser-directory-traversal(19394)
Last major update 11-07-2017 - 01:30
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top