Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2065

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2065
Last Modified 05 Sep 2008 04:43:06
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2065

Summary

DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.

Vulnerable Systems

Application

  • Daniel Barron Dansguardian 2.2.10

  • Daniel Barron Dansguardian 2.2.4

  • Daniel Barron Dansguardian 2.2.5

  • Daniel Barron Dansguardian 2.2.6

  • Daniel Barron Dansguardian 2.2.7

  • Daniel Barron Dansguardian 2.2.7.1

  • Daniel Barron Dansguardian 2.2.8

  • Daniel Barron Dansguardian 2.2.9

  • Daniel Barron Dansguardian 2.2.9.1

  • Daniel Barron Dansguardian 2.4.5.1

  • Daniel Barron Dansguardian 2.6.1.5

  • Daniel Barron Dansguardian 2.7.3.1

  • Daniel Barron Dansguardian 2.8


References

BID - 10823

SECUNIA - 12191

XF - dansguardian-filename-bypass-filtering(16836)

BUGTRAQ - 20040729 DansGuardian Hex Encoding URL Banned Extension Filter Bypass

CONFIRM - http://dansguardian.org/?page=history

OSVDB - 8270

SECTRACK - 1010817


Last Updated: 27 May 2016 10:39:18