Vulnerability category: Web server
Vulnerability level:
Vulnerability information
Note: WinGate Versions 2.0 to 4.1 (beta A) are susceptible to this vulnerability.
By default, the WinGate log service is configured to only allow connections from 127.0.0.1; however, the log service can also be set to allow connections from anywhere. Either way, there is a vulnerability that allows any file to be read through the log service port over an HTTP connection.
Update (October 16, 2000): A variation of this vulnerability exists in recent releases of WinGate. By using escaped characters, one can achieve the same effect.
Vulnerability impact
If successfully exploited, unauthorized users can read any file through the log service port over an HTTP connection.
Solution
Upgrade to the latest version of WinGate. WinGate Version 4.1 (Beta C) is not susceptible to this vulnerability. You can download WinGate from Qbik's Web site.