EmuLive Server4 Authentication Bypass and Denial of Service Vulnerabilities

vendor:

Server4

by:

7.5

CVSS

HIGH

Authentication Bypass, Denial of Service

CWE

Product Name: Server4

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

EmuLive Server4 Authentication Bypass and Denial of Service Vulnerabilities

An attacker can exploit an authentication bypass vulnerability in EmuLive Server4 to gain unauthorized access to administrator scripts, allowing manipulation of server settings. Additionally, a denial of service vulnerability can be exploited to freeze the affected computer, denying service to legitimate users.

Mitigation:

No mitigation provided

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11226/info

Reportedly EmuLive Server4 is affected by an authentication bypass vulnerability and a denial of service vulnerability. These issues are due to an access validation issue and a failure to handle exceptional conditions.

An attacker may leverage the authentication bypass issue to gain unauthorized access to the administrator scripts of the affected application, facilitating manipulation of various server settings. The denial of service issue may be exploited to cause the affected computer to freeze, denying service to legitimate users.

http://www.example.com//PUBLIC/ADMIN/INDEX.HTM

Note that the '//' after the 'http://www.example.com' is where a session ID would be presented, by providing no data between these slashes a NULL session ID is used to authenticate the attacker.