CVE-2008-6707 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-6707
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-6707

Description: The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43394 http://xforce.iss.net/xforce/xfdb/43389 http://xforce.iss.net/xforce/xfdb/43395 http://xforce.iss.net/xforce/xfdb/43384 http://xforce.iss.net/xforce/xfdb/43381 http://xforce.iss.net/xforce/xfdb/43393 SAID Secunia Advisory: SA30751 OSVDB 46599 46598 46600 MISC http://www.voipshield.com/research-details.php?id=89 http://www.voipshield.com/research-details.php?id=91 http://www.voipshield.com/research-details.php?id=90 http://www.voipshield.com/research-details.php?id=88 http://www.voipshield.com/research-details.php?id=87 http://www.voipshield.com/research-details.php?id=86 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm BID 29939

Return to the previous page.