CVE-2020-35710

CVE-2020-35710

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker’s client for use as a "host" value. In other words, after an attacker’s web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.

Source: CVE-2020-35710

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다