Cisco VPN Concentrator HTTP错误页面设备信息泄露漏洞发布时间:2002-09-10 更新时间:2002-09-10 严重程度:中 威胁程度:服务器信息泄露 错误类型:配置错误 利用方式:服务器模式 BUGTRAQ ID:5624 受影响系统 Cisco VPN 3000 Concentrator 2.0详细描述 Cisco VPN 3000 series concentrators是一系列通过VPN通信的产品。 在部分条件下,远程用户可以获得敏感信息,当错误页面被访问的时候,HTTP错误页面会泄露相关的设备信息。导致攻击者获得这些信息进行攻击。 测试代码 无 解决方案 升级固件: Cisco VPN 3002 Hardware Client : Cisco VPN 3000 Concentrator 2.0: Cisco VPN 3000 Concentrator 2.5.2 (F): Cisco VPN 3000 Concentrator 2.5.2 (D): Cisco VPN 3000 Concentrator 2.5.2 (C): Cisco VPN 3000 Concentrator 2.5.2 (B): Cisco VPN 3000 Concentrator 2.5.2 (A): Cisco VPN 3000 Concentrator 3.0 (Rel): Cisco VPN 3000 Concentrator 3.0: Cisco VPN 3000 Concentrator 3.0.3 (B): Cisco VPN 3000 Concentrator 3.0.3 (A): Cisco VPN 3000 Concentrator 3.0.4: Cisco VPN 3000 Concentrator 3.1 (Rel): Cisco VPN 3000 Concentrator 3.1.1: Cisco VPN 3000 Concentrator 3.1.2: Cisco VPN 3000 Concentrator 3.1.4: Cisco VPN 3000 Concentrator 3.5 (Rel): Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.1: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.2: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.3: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac 相关信息 参考:http://online.securityfocus.com/advisories/4446 |
