CVE-2004-0465
Description
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:openconnect:webconnect:6.4.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openconnect:webconnect:6.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:openconnect:webconnect:6.5:*:*:*:*:*:*:*
- Range: <=6.5
Patches
Vulnerability mechanics
Root cause
"The jretest.html script does not properly sanitize the WCP_USER parameter, allowing directory traversal."
Attack vector
Remote attackers can exploit this vulnerability by sending a crafted GET request to the jretest.html script. The request must include a WCP_USER parameter containing sequences of "..//" to navigate the file system. This allows attackers to specify arbitrary INI formatted files for retrieval, such as sensitive keys. The vulnerability is present in WebConnect versions 6.5 and 6.4.4, and possibly earlier [ref_id=1].
Affected code
The vulnerability resides within the jretest.html script in WebConnect. Specifically, the script fails to validate the input provided in the WCP_USER parameter, which is used to specify files. This lack of sanitization allows for directory traversal attacks.
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability was fixed. Remediation guidance suggests updating to a non-vulnerable version, but specific version numbers for a fixed release are not mentioned. Therefore, the exact changes made to address the directory traversal are not detailed.
Preconditions
- networkThe target system must be running WebConnect version 6.5 or 6.4.4 (or earlier).
- inputThe attacker must be able to send a crafted HTTP GET request to the jretest.html script.
Reproduction
The provided reference [ref_id=1] includes a Perl script demonstrating how to exploit this vulnerability. The script constructs a GET request to `/jretest.html?lang=&parms=default&WCP_USER=..//..//..//..//..//boot.ini&action=HTTP/1.0\r\n` to attempt to read the `boot.ini` file.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- secunia.com/advisories/14006/nvdPatch
- www.cirt.dk/advisories/cirt-29-advisory.pdfnvdExploitPatchVendor Advisory
- www.kb.cert.org/vuls/id/628411nvdThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/JSHA-69HVPKnvdThird Party AdvisoryUS Government Resource
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19394nvd
News mentions
0No linked articles in our index yet.