CVE-2004-0465

WebConnect <6.5-6.4.4 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by karak0rsan · perldosmultiple

https://www.exploit-db.com/exploits/838

View Code ZIP pw:eip

References (6)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/628411

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/JSHA-69HVPK

[Exploit, Patch, Vendor Advisory] http://www.cirt.dk/advisories/cirt-29-advisory.pdf

[Mailing List] http://marc.info/?l=bugtraq&m=110910838600145&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19394

[Patch] http://secunia.com/advisories/14006/

Scores

EPSS 0.2239

EPSS Percentile 95.8%

Details

Status published

Products (2)

openconnect/webconnect 6.4.4

openconnect/webconnect 6.5

Published Dec 31, 2004

Tracked Since Feb 18, 2026