Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Parallels Remote Application Server 信息泄露漏洞
Vulnerability Description
Parallels Remote Application Server(RAS)是美国Parallels公司的一套应用程序交付兼VDI(虚拟桌面基础架构)解决方案。 Parallels Remote Application Server 存在安全漏洞,该漏洞允许远程攻击者发现一个内网IP地址,因为登录表单的提交(即使凭据是空白的)将这个地址提供给攻击者可利用该漏洞的客户端作为“host”值使用。
CVSS Information
N/A
Vulnerability Type
N/A