Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Direct_web_remoting | Getahead | * | 1.1.3 (including) |
| Direct_web_remoting | Getahead | 0.7 (including) | 0.7 (including) |
| Direct_web_remoting | Getahead | 0.8 (including) | 0.8 (including) |
| Direct_web_remoting | Getahead | 0.9 (including) | 0.9 (including) |
| Direct_web_remoting | Getahead | 1.0 (including) | 1.0 (including) |
| Direct_web_remoting | Getahead | 1.1.0 (including) | 1.1.0 (including) |
| Direct_web_remoting | Getahead | 1.1.1 (including) | 1.1.1 (including) |
| Direct_web_remoting | Getahead | 1.1.2 (including) | 1.1.2 (including) |
References
- http://getahead.ltd.uk/dwr/changelog
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/32657
- http://secunia.com/advisories/23641
- http://www.securityfocus.com/bid/21955
- http://www.vupen.com/english/advisories/2007/0095
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31377
- http://getahead.ltd.uk/dwr/changelog
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://osvdb.org/32657
- http://secunia.com/advisories/23641
- http://www.securityfocus.com/bid/21955
- http://www.vupen.com/english/advisories/2007/0095
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31377