Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jetro COCKPIT Secure Browsing 输入验证漏洞
Vulnerability Description
Jetro COCKPIT Secure Browsing(JCSB)是以色列Jetro Platforms公司的一套安全浏览解决方案。该方案支持从DMZ服务器端中的虚拟浏览器浏览企业网络之外的网页,并能够识别恶意代码、防止已知的威胁等。 JCSB 4.3.1和4.3.3版本中的客户端中存在输入验证漏洞,该漏洞源于程序没有验证RDP_FILE_TRANSFER文档中的FileName元素。远程攻击者可通过提供EXE扩展文件利用该漏洞执行任意程序。
CVSS Information
N/A
Vulnerability Type
N/A