- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29699
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- NOVELL
- CVE
- N/A
- Дата публикации
- 2007-03-02
Novell Access Management SSLVPN Server - Security Bypass
Код:
source: https://www.securityfocus.com/bid/22787/info
Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.
A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.
This issue affects version 3 IR1 of Novell Access Management Server.
A proof-of-concept modification to 'policy.txt' would be as follows:
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};
The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.- Источник
- www.exploit-db.com
