Nokia Electronic Documentation目录信息泄露漏洞

Nokia Electronic Documentation目录信息泄露漏洞

漏洞ID 1107485 漏洞类型 未知
发布时间 2003-09-15 更新时间 2003-10-06
图片[1]-Nokia Electronic Documentation目录信息泄露漏洞-安全小百科CVE编号 CVE-2003-0802
图片[2]-Nokia Electronic Documentation目录信息泄露漏洞-安全小百科CNNVD-ID CNNVD-200310-011
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23147
https://www.securityfocus.com/bid/87738
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-011
|漏洞详情
Nokia提供称为NED的WEB文档接口。NokiaElectronicDocumentation(NED)没有正确处理用户提供的URI数据,远程攻击者可以利用这个漏洞获得目录路径信息。攻击者只要简单在NED的’location’参数后增加’.’号,就会导致服务器返回包含WEB-ROOT目录的路径信息,攻击者可以利用这些信息进一步对系统进行攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/8624/info

Nokia Electronic Documentation (NED) is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot (.) to a request for a NED page. Exploitation will also have the side-effect of disclosing the path to the directory.

This issue was reported for NED installations hosted on WebLogic application servers. It is not known if NED is prone to the same behavior when hosted on other servers. It should be noted that although this vulnerability has been reported to affect Nokia Electronic Documentation version 5.0, previous versions might also be affected. 

http://www.example.com/docs/NED?action=retrieve&location=.
|受影响的产品
Nokia Electronic Documentation 5.0
|参考资料

来源:ATSTAKE
名称:A091503-1
链接:http://www.atstake.com/research/advisories/2003/a091503-1.txt

相关推荐: NetWin WebNEWS Remote Buffer Overflow Vulnerability

NetWin WebNEWS Remote Buffer Overflow Vulnerability 漏洞ID 1102458 漏洞类型 Boundary Condition Error 发布时间 2002-02-18 更新时间 2002-02-18 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享