Remote Attack Vulnerability in Novell Access Manager Allows Security Control Bypass
CVE-2007-3570

Currently unrated

Key Information:

Vendor: Novell
Status: Access Manager
Vendor: CVE Published:; 5 July 2007

Summary

The Linux Access Gateway within Novell Access Manager versions prior to 3.0 SP1 Release Candidate 1 (RC1) is susceptible to a vulnerability that allows remote attackers to bypass certain security measures. This exploit takes advantage of Fullwidth/Halfwidth Unicode encoded data sent through HTTP POST requests, potentially compromising the security of affected systems and enabling unauthorized access.

References

http://www.vupen.com/english/advisories/2007/2390

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2007/3075

vdb-entryx_refsource_VUPEN

http://www.novell.com/documentation/novellaccessmanager/r...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 5, 2007
Vulnerability Reserved
Jul 5, 2007