Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13496
HistoryJul 12, 2006 - 12:00 a.m.

[Full-disclosure] S21Sec-032-en: Vulnerability in Fatwire Content Server

2006-07-1200:00:00
vulners.com
19
JSON

##############################################################

                 - S21Sec Advisory -

##############################################################

Title:   FatWire Content Server
   ID:   S21SEC-032-en

Severity: High - Administrative Privileges Escalation
History: 31.May.2006 Vulnerability discovered
05.Jun.2006 Fixed (patch available)
Scope: FatWire Content Server Portal
Platforms: Any
Author: Alberto Moro ([email protected])
URL: http://www.s21sec.com/avisos/s21sec-032-en.txt
Release: Public

[ SUMMARY ]

The FatWire Content Server product suite enables companies to deploy a wide
variety
and large quantity of Web sites and content-centric applications that build
customer
loyalty, reach new markets, strengthen brand identity, boost productivity,
and reduce costs.

[ AFFECTED VERSIONS ]

Following tested versions are affected with this issue:

    - FatWire Content Server 5.5.0

[ DESCRIPTION ]

It's possible to obtain administrative privileges in the portal without
previous registration or validation.

[ WORKAROUND ]

Upgrade FatWire CS to the last version or apply the patch provided by
vendor.

[ ACKNOWLEDGMENTS ]

These vulnerabilities have been found and researched by:

    - Alberto Moro <[email protected]> S21Sec

With thanks to:

    - Leonardo Nve <[email protected]> S21Sec

[ REFERENCES ]

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON