
fatwire content server vuln



S21Sec-032-en: Vulnerability in Fatwire Content Server



##############################################################

                     - S21Sec Advisory -

##############################################################

    Title:   FatWire Content Server
       ID:   S21SEC-032-en
 Severity:   High - Administrative Privileges Escalation
  History:   31.May.2006 Vulnerability discovered
             05.Jun.2006 Fixed (patch available)
    Scope:   FatWire Content Server Portal
Platforms:   Any
   Author:   Alberto Moro (amoro@s21sec.com)
      URL:   http://www.s21sec.com/avisos/s21sec-032-en.txt
  Release:   Public

[ SUMMARY ]

The FatWire Content Server product suite enables companies to deploy a wide
variety and large quantity of Web sites and content-centric applications
that build customer loyalty, reach new markets, strengthen brand identity,
boost productivity, and reduce costs.


[ AFFECTED VERSIONS ]

The following tested versions are affected by this issue:

	- FatWire Content Server 5.5.0 


[ DESCRIPTION ]

It's possible to obtain administrative privileges in the portal without
previous registration or validation.


[ WORKAROUND ]

Upgrade FatWire CS to the latest version or apply the patch provided by
the vendor.


[ ACKNOWLEDGMENTS ]

These vulnerabilities have been found and researched by:

- Alberto Moro  S21Sec 

With thanks to:

- Leonardo Nve  S21Sec 
	

[ REFERENCES ]

* FatWire Content Server
http://www.fatwire.com/cs/Satellite/CSPage_US.html 

* S21Sec
http://www.s21sec.com 


