|
Emulive Server4 Security Bypass and Denial of Service Vulnerabilities
|
|
Secunia Advisory:
|
SA12616
|
|
|
Release Date:
|
2004-09-22
|
|
Last Update:
|
2005-02-22
|
|
Popularity:
|
6,231 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Emulive Server4
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
James Bercegay has reported a vulnerability in Emulive Server4, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
1) A vulnerability caused due to an error in the handling of session IDs can be exploited to bypass the user authentication by supplying an empty session ID.
Successful exploitation grants access to the administrator section.
2) A problem in the handling of incoming traffic on port 66/tcp can be exploited by sending a sequence of eight or more carriage returns.
Successful exploitation causes a vulnerable service to become unresponsive.
The vulnerabilities have been reported in Commerce Edition Build 7560. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
