

EMC Avamar server / client security vulnerabilities
Published: 04.05.2013
Source:
SecurityVulns ID: 13039
Type: remote
Threat Level: 6/10
Description: Unauthorized file access, insufficient certificate validation.
Affected: EMC : Avamar 6.0
CVE: CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
 CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.)
Original document: EMC, ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability (04.05.2013)
 EMC, ESA-2013-034: EMC Avamar Improper Authorization vulnerability (04.05.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod