The vulnerability involves the XUDA template files, which are included with the package. The templates do not reference absolute pathnames when referring to other files.
According to the discoverer, "to determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries which include "x-templates" in the URL. Each entry can then be examined to see the IP address of the computer and what files were accessed."
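The log check quoted above, as an added example (not part of the original advisory or any vendor tooling). It assumes the two access logs use Common Log Format, which the page does not state; the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict
from urllib.parse import unquote

# Assumption: Common Log Format -> host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
MARKER = "x-templates"  # string the advisory says to search for in the URL

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so encoded spellings of the marker still match."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_template_requests(lines):
    """Return ({client_ip: [(timestamp, status, decoded_path), ...]}, unparsed_hits)."""
    hits = defaultdict(list)
    unparsed = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            # Keep malformed lines that mention the marker for manual review
            if MARKER in line.lower():
                unparsed.append(line)
            continue
        ip, ts, _method, path, status = m.groups()
        decoded = decode_fully(path)
        if MARKER in decoded.lower():
            hits[ip].append((ts, int(status), decoded))
    return dict(hits), unparsed

# Constructed sample lines (documentation IP ranges, placeholder paths), not real log data
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Jan/2000:10:01:00 +0000] "GET /x-templates/placeholder HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:02:00 +0000] "GET /%78-Templates/placeholder2 HTTP/1.0" 404 0',
    '203.0.113.5 - - [01/Jan/2000:10:03:00 +0000] "GET /enroll HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    # Pass enroll-access.log and admin-access.log as arguments; with none, SAMPLE is used
    lines = SAMPLE
    if sys.argv[1:]:
        lines = [l.rstrip("\n") for p in sys.argv[1:] for l in open(p, errors="replace")]
    hits, unparsed = find_template_requests(lines)
    for ip, reqs in hits.items():
        for ts, status, path in reqs:
            print(ip, ts, status, path)
```

A 200 status on a matching entry shows the file was actually served, while a 404 shows only an attempt; both are worth recording per client IP.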
VENDOR RESPONSE
Network Associates is aware of the problem and has released a patch to correct the matter. Be sure to review the readme.txt file.
CREDITS
Net Tools PKI Server Allows Unauthorized Access