Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eZ publish siteaccess URIMatching 绕过访问限制漏洞
Vulnerability Description
eZ publish 3.5至3.8在20050812之前的版本中实施的siteaccess URIMatching将一个URL中的所有非字母数字字符转化成'_' (下划线),远程攻击者因此可以通在URI中插入某些字符,如/admin:de请求,匹配只许可/admin_de访问/admin的规则,绕过访问限制。
CVSS Information
N/A
Vulnerability Type
N/A