3Com TippingPoint SMS Server management interface information disclosure
|tippingpoint-sms-information-disclosure (26338)||Low Risk|
3Com TippingPoint SMS (Security Management System) Server could allow a remote attacker to obtain sensitive information, caused by insecure permissions on certain Web management interface directories. An attacker could exploit this vulnerability to bypass authentication and obtain sensitive information, including configuration information if the vulnerable device was being used for backup purposes.
Upgrade to the latest version of TippingPoint SMS Server (22.214.171.12478 or later), as listed in 3Com Security Alert: 3COM-06-002. See References.
- 3Com Security Alert: 3COM-06-002 : TippingPoint¿ SMS Information Disclosure.
- ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability.
- BID-17935: 3Com TippingPoint SMS Information Disclosure Vulnerability
- CVE-2006-0993: The web management interface in 3Com TippingPoint SMS Server before 126.96.36.19978 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
- OSVDB ID: 25360: 3Com TippingPoint SMS Server Permission Weakness Remote Information Disclosure
- SA20058: 3Com TippingPoint SMS Server Information Disclosure
- SECTRACK ID: 1016051: TippingPoint SMS Server May Disclose Potentially Sensitive Information to Remote Users
- 3Com TippingPoint SMS Server 188.8.131.5277
May 09, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this