Novell Access Management SSLVPN Server - Security Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056180 漏洞类型
发布时间 2007-03-02 更新时间 2007-03-02
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Novell CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/29699
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/22787/info

Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.

A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.

This issue affects version 3 IR1 of Novell Access Management Server. 

A proof-of-concept modification to 'policy.txt' would be as follows:

sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};

The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.