ID
VAR-E-201107-0580
TITLE
Avaya Secure Access Link (SAL) Gateway Invalid Domian Servers Information Disclosure Vulnerability
Trust: 0.3
DESCRIPTION
Avaya Secure Access Link (SAL) gateway is prone to an information-disclosure vulnerability.
To exploit this issue, attackers need to host malicious email servers with 'secavaya.com' and 'secaxeda.com' domain names.
Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.
This issue affects Secure Access Link 1.5, 1.8, and 2.0.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | avaya | model: | secure access link | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | avaya | model: | secure access link | scope: | eq | version: | 1.8 | Trust: 0.3 |
| vendor: | avaya | model: | secure access link | scope: | eq | version: | 1.5 | Trust: 0.3 |
EXPLOIT
An attacker can exploit this issue by controlling the 'secavaya.com' and 'secaxeda.com' domains.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Configuration Error
Trust: 0.3
CREDITS
Anonymous.
Trust: 0.3
EXTERNAL IDS
| db: | CERT/CC | id: | VU#690315 | Trust: 0.3 |
| db: | BID | id: | 48942 | Trust: 0.3 |
REFERENCES
| url: | http://www.avaya.com/usa/service/secure-access-link | Trust: 0.3 |
| url: | http://www.kb.cert.org/vuls/id/690315 | Trust: 0.3 |
| url: | http://support.avaya.com/css/p8/documents/100140483 | Trust: 0.3 |
| url: | http://www.avaya.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 48942 |
LAST UPDATE DATE
2022-07-27T09:50:05.629000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 48942 | date: | 2011-07-29T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 48942 | date: | 2011-07-29T00:00:00 |