CVE-2015-7322

Sažetak

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.

Reference

http://www.securitytracker.com/id/1033685
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053
https://profundis-labs.com/advisories/CVE-2015-7322.txt

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-12-2016 - 03:13

Objavljeno

05-10-2015 - 15:59