Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4197
Last Modified 07 Mar 2011 09:27:49
Published 13 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4197

Summary

tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the "a" parameter, which is executed with extra privileges in a cryptographically signed Java applet.

Vulnerable Systems

Application

  • Nortel SSL VPN 4.1.2.11

  • Nortel SSL VPN 4.1.2.12

  • Nortel SSL VPN 4.2.1.6


References

VUPEN - ADV-2005-2845

BID - 15798

BUGTRAQ - 20051212 SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution

MISC - http://www.sec-consult.com/247.html

SECTRACK - 1015341

SECUNIA - 17974


Last Updated: 27 May 2016 10:41:12