|
|
| |
| It is possible for a remote user to improperly gain access to administrative functions of InterScan VirusWall for Windows NT without prior authenticating with it. |
| |
Credit:
The information has been provided by Nobuo Miwa LAC.
|
| |
Vulnerable systems:
InterScan VirusWall for Windows NT 3.51
To change the configurations via web browser, access to following URL directly (without accessing the opening page):
http://VirusWall.example.com/interscan/cgi-bin/interscan.dll
Since no authentication is required, any remote user can change configuration settings.
Workaround:
Until the patch will be released, set up access control to refuse access to untrusted networks in servers (IIS servers) that InterScan VirusWall has been installed on.
|
|
|
