Web Servers : A-A-S Application Access Server <= 2.0.48 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100197

Categoría: Web Servers

Título: A-A-S Application Access Server <= 2.0.48 Multiple Vulnerabilities

Resumen: A-A-S Application Access Server is prone to multiple; vulnerabilities.

Descripción: Summary:
A-A-S Application Access Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- cross-site request-forgery (CSRF) vulnerability

- insecure default password vulnerability

- information disclosure vulnerability

Vulnerability Impact:
Attackers can exploit these issues to run privileged commands on
the affected computer and gain unauthorized administrative access to the affected application and
the underlying system.

Affected Software/OS:
These issues affect version 2.0.48. Other versions may also be
affected.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1464
BugTraq ID: 34911
http://www.securityfocus.com/bid/34911
Bugtraq: 20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/503434/100/0/threaded
http://www.syhunt.com/advisories/?id=aas-multiple
http://www.syhunt.com/advisories/aashack.txt
http://securitytracker.com/id?1022204
http://secunia.com/advisories/35034
Common Vulnerability Exposure (CVE) ID: CVE-2009-1465
XForce ISS Database: aas-default-password(50589)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50589
Common Vulnerability Exposure (CVE) ID: CVE-2009-1466
XForce ISS Database: aas-aas-info-disclosure(50590)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50590

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100197
Categoría:	Web Servers
Título:	A-A-S Application Access Server <= 2.0.48 Multiple Vulnerabilities
Resumen:	A-A-S Application Access Server is prone to multiple; vulnerabilities.
Descripción:	Summary: A-A-S Application Access Server is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - cross-site request-forgery (CSRF) vulnerability - insecure default password vulnerability - information disclosure vulnerability Vulnerability Impact: Attackers can exploit these issues to run privileged commands on the affected computer and gain unauthorized administrative access to the affected application and the underlying system. Affected Software/OS: These issues affect version 2.0.48. Other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1464 BugTraq ID: 34911 http://www.securityfocus.com/bid/34911 Bugtraq: 20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/503434/100/0/threaded http://www.syhunt.com/advisories/?id=aas-multiple http://www.syhunt.com/advisories/aashack.txt http://securitytracker.com/id?1022204 http://secunia.com/advisories/35034 Common Vulnerability Exposure (CVE) ID: CVE-2009-1465 XForce ISS Database: aas-default-password(50589) https://exchange.xforce.ibmcloud.com/vulnerabilities/50589 Common Vulnerability Exposure (CVE) ID: CVE-2009-1466 XForce ISS Database: aas-aas-info-disclosure(50590) https://exchange.xforce.ibmcloud.com/vulnerabilities/50590
Copyright	Copyright (C) 2009 Greenbone AG