RSS   Vulnerabilities for 'Authentication server'   RSS

2013-06-28
 
CVE-2013-4098

CWE-20
 

 
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter.

 
 
CVE-2013-4097

CWE-22
 

 
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.

 
 
CVE-2013-4096

CWE-20
 

 
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.

 


Copyright 2017, cxsecurity.com