漏洞信息详情
Polar Helpdesk基于cookie的认证系统绕过漏洞
- CNNVD编号:CNNVD-200412-1067
- 危害等级: 低危
- CVE编号: CVE-2004-2736
- 漏洞类型: 授权问题
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2007-10-10
- 厂 商: polar_software
- 漏洞来源: Discovery of this ...
漏洞简介
Polar HelpDesk 3.0存在漏洞。远程攻击者可以通过设置一个cookie中UserId和UserType的值绕过认证。
漏洞公告
It is reported that this vulnerability is addressed in the current build of Polar HelpDesk. This is not confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
参考网址
来源: XF 名称: polar-helpdesk-weak-security(16778) 链接:http://xforce.iss.net/xforce/xfdb/16778 来源: BID 名称: 10775 链接:http://www.securityfocus.com/bid/10775 来源: www.securiteam.com 链接:http://www.securiteam.com/windowsntfocus/5OP0K0ADGA.HTML 来源: OSVDB 名称: 8168 链接:http://www.osvdb.org/8168 来源: SECUNIA 名称: 12120 链接:http://secunia.com/advisories/12120
受影响实体
- Polar_software Helpdesk:3.0
补丁
暂无
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论