The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-03T20:00:00

Updated: 2024-08-07T07:08:38.267Z

Reserved: 2010-03-03T00:00:00

Link: CVE-2009-4657

Vulnrichment

No data.

NVD

Status: Modified

Published: 2010-03-03T20:30:00.400

Modified: 2017-09-19T01:30:00.970

Link: CVE-2009-4657

Redhat

No data.