Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

OpenConnect Information for VU#628411

Date Notified:2005-01-01
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

Vulnerability Note VU#628411

OpenConnect WebConnect Directory Traversal Vulnerability

Overview

Manipulation of parameters to jretest.html may allow exposure of limited file data outside the WebConnect installation directory.

I. Description

From the OpenConnect webpage:

WebConnect is client-server based software that provides secure browser based emulation to mainframe, midrange and UNIX systems. WebConnect enables enterprise organizations to provide suppliers, partners and employees with secure access to vital applications and information. Enterprises increase productivity and profits, and retain all the advantages of secure host connectivity to new and existing applications in "real-time."

Because WebConnect is non-intrusive, it provides secure SSL encrypted information migration and access without requiring modification to the host. With its patented secure, "persistent connectivity" technology, only WebConnect is capable of supporting tens of thousands of concurrent browser-based users.


WebConnect 6.4.4 and 6.5 do not validate access to product configuration file pathnames outside the installation directory. This can allow the parsing of ini-style files and display of one value from the file in html returned to the user.

II. Impact

The file being accessed must be in ini-style to be parsed within WebConnect. The jretest.html page will attempt to retrieve a user configuration value from that file. When the value is found to be invalid, it is displayed within the returned error html page. This allows the end user to see the value for one key within the ini-style file. The entire file is not displayed to the user nor can the user manipulate the file in any way. This vulnerability is present in all platform versions of WebConnect but is Windows-focused due to the need for the target file to be ini-style.

III. Solution

Update to a corrected version of WebConnect

This vulnerability has been corrected in WebConnect versions 6.4.5 and 6.5.1. Licensed users of WebConnect may contact OpenConnect Technical Support to receive these updated versions.

Credit

Thanks to Dennis Rand of the Danish Computer Incident Response Team for reporting this vulnerability.

This document was written by OpenConnect WebConnect Development based primarily on information provided by Dennis Rand.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Licensed users can send mail to OpenConnect technical support mailto: ocs_support@oc.com, or call +1-972-888-0678.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information