lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00c301c6a590$a1acae00$e5060a00$@com>
Date: Wed Jul 12 09:53:50 2006
From: labs at s21sec.com (labs@...sec.com)
Subject: S21Sec-032-en: Vulnerability in Fatwire Content
	Server

##############################################################

                     - S21Sec Advisory -

##############################################################

    Title:   FatWire Content Server
       ID:   S21SEC-032-en
 Severity:   High - Administrative Privileges Escalation
  History:   31.May.2006 Vulnerability discovered
	     05.Jun.2006 Fixed (patch available)
    Scope:   FatWire Content Server Portal
Platforms:   Any
   Author:   Alberto Moro (amoro@...sec.com)
      URL:   http://www.s21sec.com/avisos/s21sec-032-en.txt
  Release:   Public

[ SUMMARY ]

The FatWire Content Server product suite enables companies to deploy a wide
variety 
and large quantity of Web sites and content-centric applications that build
customer 
loyalty, reach new markets, strengthen brand identity, boost productivity,
and reduce costs.


[ AFFECTED VERSIONS ]

Following tested versions are affected with this issue:

	- FatWire Content Server 5.5.0 


[ DESCRIPTION ]

It's possible to obtain administrative privileges in the portal without
previous registration or validation.


[ WORKAROUND ]

Upgrade FatWire CS to the last version or apply the patch provided by
vendor.


[ ACKNOWLEDGMENTS ]

These vulnerabilities have been found and researched by:

	- Alberto Moro <amoro@...sec.com> S21Sec

With thanks to:

	- Leonardo Nve <lnve@...sec.com> S21Sec
	

[ REFERENCES ]

* FatWire Content Server
  http://www.fatwire.com/cs/Satellite/CSPage_US.html

* S21Sec
  http://www.s21sec.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ