CVE-2008-6706 Information

Description

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0 as used with Avaya Communication Manager 3.1.x allow remote attackers to obtain (1) application server configuration (2) database server configuration including encrypted passwords (3) a system utility that decrypts \subscriber table passwords\ (4) a system utility that decrypts database passwords and (5) a system utility that encrypts \subscriber table passwords.\

Reference

http://osvdb.org/46602 http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=81 http://www.voipshield.com/research-details.php?id=82 http://www.voipshield.com/research-details.php?id=83 http://www.voipshield.com/research-details.php?id=84 http://www.voipshield.com/research-details.php?id=85 http://www.vupen.com/english/advisories/2008/1943/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43382 https://exchange.xforce.ibmcloud.com/vulnerabilities/43383 https://exchange.xforce.ibmcloud.com/vulnerabilities/43387 https://exchange.xforce.ibmcloud.com/vulnerabilities/43388