Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2011-0756 |
CWE-ID | CWE-255 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
WebDefend Other software / Other software solutions |
Vendor | Trustwave |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU45063
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0756
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebDefend: 2.0
External linkshttp://securitytracker.com/id?1025447
http://www.trustwave.com/spiderlabs/advisories/TWSL2011-001.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.