The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-03-03T20:00:00
Updated: 2024-08-07T07:08:38.267Z
Reserved: 2010-03-03T00:00:00
Link: CVE-2009-4657
NVD
Status: Modified
Published: 2010-03-03T20:30:00.400
Modified: 2024-11-21T01:10:09.243
Link: CVE-2009-4657