Message-ID: <00c401c6a590$d4297c00$7c7c7400$@com>
Date: Wed, 12 Jul 2006 10:54:38 +0200
From: <labs@...sec.com>
To: <bugtraq@...urityfocus.com>
Subject: S21Sec-032-en: Vulnerability in Fatwire Content Server
##############################################################
- S21Sec Advisory -
##############################################################
Title: FatWire Content Server
ID: S21SEC-032-en
Severity: High - Administrative Privileges Escalation
History: 31.May.2006 Vulnerability discovered
         05.Jun.2006 Fixed (patch available)
Scope: FatWire Content Server Portal
Platforms: Any
Author: Alberto Moro (amoro@...sec.com)
URL: http://www.s21sec.com/avisos/s21sec-032-en.txt
Release: Public
[ SUMMARY ]
The FatWire Content Server product suite enables companies to deploy a wide
variety and large quantity of Web sites and content-centric applications
that build customer loyalty, reach new markets, strengthen brand identity,
boost productivity, and reduce costs.
[ AFFECTED VERSIONS ]
The following tested versions are affected by this issue:
- FatWire Content Server 5.5.0
[ DESCRIPTION ]
It is possible to obtain administrative privileges in the portal without
prior registration or validation.
[ WORKAROUND ]
Upgrade FatWire CS to the latest version or apply the patch provided by
the vendor.
[ ACKNOWLEDGMENTS ]
These vulnerabilities have been found and researched by:
- Alberto Moro <amoro@...sec.com> S21Sec
With thanks to:
- Leonardo Nve <lnve@...sec.com> S21Sec
[ REFERENCES ]
* FatWire Content Server
http://www.fatwire.com/cs/Satellite/CSPage_US.html
* S21Sec
http://www.s21sec.com