vendor:
Progress WebSpeed
by:
SecurityFocus
7.5
CVSS
HIGH
Unauthorized Access
287
CWE
Product Name: Progress WebSpeed
Affected Version From: 3.1a
Affected Version To: 3.1e
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Progress WebSpeed Unauthorized Access Vulnerability
Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserver. Such unauthorized access may help the attacker launch other attacks. WebSpeed 3.1a, 3.1d, and 3.1e are vulnerable; other versions may also be affected.
Mitigation:
Ensure that the 'Development Mode' of the application is not used in production systems and that the 'TTY' directory is not installed.