Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Direct_web_remoting | Getahead | 1.0 | 1.0 |
Direct_web_remoting | Getahead | 0.8 | 0.8 |
Direct_web_remoting | Getahead | 1.1.2 | 1.1.2 |
Direct_web_remoting | Getahead | 1.1.0 | 1.1.0 |
Direct_web_remoting | Getahead | 0.9 | 0.9 |
Direct_web_remoting | Getahead | 0.7 | 0.7 |
Direct_web_remoting | Getahead | 1.1.1 | 1.1.1 |
Direct_web_remoting | Getahead | * | 1.1.3 |