Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4202

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4202
Last Modified 05 Sep 2008 05:27:39
Published 07 Aug 2007 09:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4202

Summary

Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.

Vulnerable Systems

Application

  • Guidance Software Encase 6.0


References

CERT-VN - VU#912593

BUGTRAQ - 20070802 RE: Re: Guidance Software response to iSEC report on EnCase

BUGTRAQ - 20070726 Re: Guidance Software response to iSEC report on EnCase

MISC - http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf


Last Updated: 27 May 2016 10:45:48