Nokia Electronic Documentation Connection Redirection Vulnerability

Vulnerability ID 1107484 Vulnerability type Unknown
Published 2003-09-15 Updated 2003-10-06
CVE ID CVE-2003-0803
CNNVD-ID CNNVD-200310-002
Platform Windows CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23148
https://www.securityfocus.com/bid/87731
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-002
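|Vulnerability details
Nokia provides a web documentation interface called NED. NED does not correctly handle specially crafted HTTP requests supplied by users, and a remote attacker can exploit this vulnerability to redirect connections to a third-party system. By specifying another address in the URI of the HTTP request, an attacker can cause NED to fetch the specified page content and return it, which gives the attacker access to resources that NED can reach but the attacker otherwise cannot.
|Exploit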
source: http://www.securityfocus.com/bid/8625/info

A vulnerability has been discovered in Nokia Electronic Documentation (NED) that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to sufficiently verify hosts provided within specific HTTP requests. As a result, an attacker may be capable of making a request that would cause data to be redirected to a third party system.

This may allow an attacker to interact with an otherwise inaccessible system, or potentially hide the origin of attacks launched against other targets.

http://www.example.org/docs/NED?action=retrieve&location=http://www.target.com/
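
A detection sketch for the request pattern shown above, added here as an example and not part of the original advisory: it scans web-server access logs for `action=retrieve` requests whose `location` parameter names a host outside an allowlist. The combined log format, the sample log lines and the allowlist are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Sep/2003:10:01:02 +0000] "GET /docs/NED?action=retrieve&location=index.html HTTP/1.0" 200 5120',
    '10.0.0.9 - - [15/Sep/2003:10:01:07 +0000] "GET /docs/NED?action=retrieve&location=http://www.target.com/ HTTP/1.0" 200 812',
    '10.0.0.9 - - [15/Sep/2003:10:01:09 +0000] "GET /docs/NED?action=retrieve&location=http%3A%2F%2F192.168.1.10%2Fadmin HTTP/1.0" 200 301',
    '10.0.0.7 - - [15/Sep/2003:10:02:00 +0000] "GET /docs/NED?action=retrieve&location=http://docs.example.org/a.html HTTP/1.0" 200 99',
]

# Captures the client address and the request URI from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def location_host(request_uri):
    """Return the host named by an absolute `location` parameter, else None."""
    query = parse_qs(urlsplit(request_uri).query)  # parse_qs also percent-decodes
    if query.get("action", [""])[0].lower() != "retrieve":
        return None
    for value in query.get("location", []):
        try:
            target = urlsplit(value.strip())
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        # "//host/path" is scheme-relative and names a host as well.
        if target.hostname:
            return target.hostname.lower()
    return None

def flag_offsite_retrievals(lines, allowed_hosts):
    """Return (client, host) pairs for retrieve requests naming a host outside the allowlist."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        host = location_host(m.group(2))
        if host and host not in allowed:
            hits.append((m.group(1), host))
    return hits

if __name__ == "__main__":
    for client, host in flag_offsite_retrievals(SAMPLE_LOG, ["docs.example.org"]):
        print(f"{client} asked NED to retrieve from {host}")
```

The same allowlist comparison can be applied in a reverse proxy in front of NED to reject such requests before they reach the server.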
|Affected products
Nokia Electronic Documentation 5.0
|References

Source: ATSTAKE
Name: A091503-1
Link: http://www.atstake.com/research/advisories/2003/a091503-1.txt
