Vulnerabilities > CVE-2005-4197 - Unspecified vulnerability in Nortel SSL VPN 4.1.2.11/4.1.2.12
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | Nortel SSL VPN 4.2.1 .6 Web Interface Input Validation Vulnerability. CVE-2005-4197. Webapps exploit for cgi platform |
id | EDB-ID:26771 |
last seen | 2016-02-03 |
modified | 2005-12-08 |
published | 2005-12-08 |
reporter | Daniel Fabian |
source | https://www.exploit-db.com/download/26771/ |
title | Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation Vulnerability |