| VID |
23108 |
| Severity |
40 |
| Port |
81 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The EmuLive Server4 is vulnerable to an authentication bypass vulnerability. EmuLive Server4 is a web and media streaming server for Microsoft Windows 2000 and XP operating systems. EmuLive Server4 Commerce Edition Build 7560 could allow a remote attacker to obtain unauthorized access. By requesting a URL, "//PUBLIC/ADMIN/INDEX.HTM" that contains an extra leading / (slash), a remote attacker can bypass the authentication for the remote administration feature and gain access to the system with administrator privileges.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-09/0251.html
* Platforms Affected:
Emulive Imaging Corporation, Emulive Server4 Commerce Edition Build 7560
Microsoft Windows Any version |
| Recommendation |
No remedy available as of March 2005.
Upgrade to the new version of Emulive Server4, when new version fixed this problem becomes available from the Emulive Server4 Web site at http://www.emulive.com/index-main.htm |
| Related URL |
CVE-2004-1695 (CVE) |
| Related URL |
11226 (SecurityFocus) |
| Related URL |
17450 (ISS) |
|
