Notified:  January 01, 2005 Updated: February 20, 2005

Status

Affected

Vendor Statement

Vulnerability Note VU#628411 OpenConnect WebConnect Directory Traversal Vulnerability Overview Manipulation of parameters to jretest.html may allow exposure of limited file data outside the WebConnect installation directory. I. Description From the OpenConnect webpage: WebConnect is client-server based software that provides secure browser based emulation to mainframe, midrange and UNIX systems. WebConnect enables enterprise organizations to provide suppliers, partners and employees with secure access to vital applications and information. Enterprises increase productivity and profits, and retain all the advantages of secure host connectivity to new and existing applications in "real-time." Because WebConnect is non-intrusive, it provides secure SSL encrypted information migration and access without requiring modification to the host. With its patented secure, "persistent connectivity" technology, only WebConnect is capable of supporting tens of thousands of concurrent browser-based users. WebConnect 6.4.4 and 6.5 do not validate access to product configuration file pathnames outside the installation directory. This can allow the parsing of ini-style files and display of one value from the file in html returned to the user. II. Impact The file being accessed must be in ini-style to be parsed within WebConnect. The jretest.html page will attempt to retrieve a user configuration value from that file. When the value is found to be invalid, it is displayed within the returned error html page. This allows the end user to see the value for one key within the ini-style file. The entire file is not displayed to the user nor can the user manipulate the file in any way. This vulnerability is present in all platform versions of WebConnect but is Windows-focused due to the need for the target file to be ini-style. III. Solution Update to a corrected version of WebConnect This vulnerability has been corrected in WebConnect versions 6.4.5 and 6.5.1. Licensed users of WebConnect may contact OpenConnect Technical Support to receive these updated versions. Credit Thanks to Dennis Rand of the Danish Computer Incident Response Team for reporting this vulnerability. This document was written by OpenConnect WebConnect Development based primarily on information provided by Dennis Rand.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Licensed users can send mail to OpenConnect technical support mailto: ocs_support@oc.com, or call +1-972-888-0678.