Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6385

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2007-6385
Last Modified 07 Mar 2011 10:02:36
Published 14 Dec 2007 09:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6385

Summary

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

Vulnerable Systems

Application

  • Kerio Winroute Firewall 5.0.1

  • Kerio Winroute Firewall 5.0.2

  • Kerio Winroute Firewall 5.0.3

  • Kerio Winroute Firewall 5.0.4

  • Kerio Winroute Firewall 5.0.5

  • Kerio Winroute Firewall 5.0.6

  • Kerio Winroute Firewall 5.0.7

  • Kerio Winroute Firewall 5.0.8

  • Kerio Winroute Firewall 5.0.9

  • Kerio Winroute Firewall 5.1

  • Kerio Winroute Firewall 5.1.1

  • Kerio Winroute Firewall 5.1.10

  • Kerio Winroute Firewall 5.1.2

  • Kerio Winroute Firewall 5.1.3

  • Kerio Winroute Firewall 5.1.4

  • Kerio Winroute Firewall 5.1.5

  • Kerio Winroute Firewall 5.1.6

  • Kerio Winroute Firewall 5.1.7

  • Kerio Winroute Firewall 5.1.8

  • Kerio Winroute Firewall 5.1.9

  • Kerio Winroute Firewall 5.10

  • Kerio Winroute Firewall 6.0

  • Kerio Winroute Firewall 6.0.1

  • Kerio Winroute Firewall 6.0.11

  • Kerio Winroute Firewall 6.0.2

  • Kerio Winroute Firewall 6.0.3

  • Kerio Winroute Firewall 6.0.4

  • Kerio Winroute Firewall 6.0.5

  • Kerio Winroute Firewall 6.0.6

  • Kerio Winroute Firewall 6.0.7

  • Kerio Winroute Firewall 6.0.8

  • Kerio Winroute Firewall 6.0.9

  • Kerio Winroute Firewall 6.1

  • Kerio Winroute Firewall 6.1.1

  • Kerio Winroute Firewall 6.1.2

  • Kerio Winroute Firewall 6.1.3

  • Kerio Winroute Firewall 6.1.4

  • Kerio Winroute Firewall 6.1.4 Patch 1

  • Kerio Winroute Firewall 6.1.4 Patch 2

  • Kerio Winroute Firewall 6.2

  • Kerio Winroute Firewall 6.2.1

  • Kerio Winroute Firewall 6.2.2

  • Kerio Winroute Firewall 6.2.3

  • Kerio Winroute Firewall 6.3.0

  • Kerio Winroute Firewall 6.3.1

  • Kerio Winroute Firewall 6.4.0


References

CONFIRM - http://www.kerio.com/kwf_history.html

VUPEN - ADV-2007-4212

BID - 26851

SECUNIA - 28072

OSVDB - 42122

XF - kerio-unspecified-security-bypass(39020)

SECTRACK - 1019095


Last Updated: 27 May 2016 10:46:28