FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-07-07 00:05
Updated : 2018-10-18 16:47
NVD link : CVE-2006-3425
Mitre link : CVE-2006-3425
CVE.ORG link : CVE-2006-3425
JSON object : View
Products Affected
lumension
- patchlink_update_server
novell
- zenworks
CWE