Info
Last Modified: 6 months ago

Description
WebWasher Classic contains a flaw that may allow a malicious user to remotely connect to TCP ports listening on 127.0.0.1 of the WebWasher system. WebWasher Classic supports two modes: 1) client (local) mode, bound to 127.0.0.1; 2) server mode (network proxy), bound to 0.0.0.0. The issue is triggered when WebWasher is running in server mode. The flaw may allow an attacker to bypass security controls protecting the WebWasher system, resulting in a loss of integrity.

Classification
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical
This vulnerability is verified on the Windows version. MacOS and Linux versions have not been tested.

Solution
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products
WebWasher Classic
- 2.2.1
- 3.3

Credit
- Oliver Karow - oliver
greyhat.de - Personal Page