Computer Security
[EN] no-pyccku

EMC Avamar server / client security vulnerabilities
SecurityVulns ID:13039
Threat Level:
Description:Unauthorized files access, insufficient certificate validation.
Affected:EMC : Avamar 6.0
CVE:CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
 CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.)
Original documentdocumentEMC, ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability (04.05.2013)
 documentEMC, ESA-2013-034: EMC Avamar Improper Authorization vulnerability (04.05.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod