PT-2010-1467 · Xerver · Xerver

Dr_Ide · Published 2010-03-03 · Updated 2017-09-19 · CVE-2009-4657

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Xerver version 4.32

Description: The administrator package of Xerver (the administration interface listening on TCP port 32123) does not authenticate requests. A remote attacker who can reach port 32123 can therefore modify application settings without credentials, for example by sending a request with the action parameter set to wizardStep1.

Recommendations: For Xerver version 4.32, restrict access to TCP port 32123 to trusted management hosts (host firewall or upstream filtering) until a fixed version is available, and do not expose the port to untrusted networks. If the interface must stay reachable, place it behind a component that enforces authentication, such as a reverse proxy with access control, since the administrator package itself performs none. Confirm the restriction by checking that the port answers unauthenticated requests only from the allowed hosts.
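One way to check from the network whether an instance still exposes the unauthenticated interface, as an added example that is not part of this advisory or of Xerver's own code. The advisory gives only the port (32123) and the name of the action parameter; the request path "/" and the HTTP framing the interface expects are assumptions, and the SAMPLE_* responses are constructed for the self-test rather than captured from a real server. The probe fetches only the administrator root and looks for an authentication challenge; it does not send action=wizardStep1, so it does not try to change settings.

```python
"""Check whether a host serves the Xerver administrator package on TCP/32123
without an authentication challenge (CVE-2009-4657).

Added example; not code from the advisory or from Xerver. Assumptions:
  * the administrator package answers plain HTTP on the port named by the
    advisory (32123);
  * requesting the path "/" is enough to reach it (the advisory names no path);
  * the SAMPLE_* responses below are constructed for illustration, not
    captured from a real instance.
"""
import socket
from dataclasses import dataclass, field

ADMIN_PORT = 32123
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


@dataclass
class ProbeResult:
    host: str
    port: int
    status: int
    headers: dict = field(default_factory=dict)
    unauthenticated: bool = False


def parse_response(raw: bytes) -> tuple[int, dict]:
    """Split an HTTP response into (status code, lower-cased header map).

    Returns status 0 when the status line is not valid HTTP, so that a
    non-HTTP listener on the port is treated as 'not the admin interface'.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("iso-8859-1", errors="replace").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return 0, {}
    headers: dict = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def served_without_auth(status: int, headers: dict) -> bool:
    """True when the interface served content instead of demanding credentials.

    An HTTP challenge (401/407 or a WWW-Authenticate header) or a redirect to
    a login page counts as 'authentication present'. A 2xx response without
    either counts as reachable without authentication.
    """
    if status in (401, 407) or "www-authenticate" in headers:
        return False
    if status in REDIRECT_STATUSES and "login" in headers.get("location", "").lower():
        return False
    return 200 <= status < 300


def probe(host: str, port: int = ADMIN_PORT, timeout: float = 5.0) -> ProbeResult:
    """Fetch '/' from the administrator port and classify the response.

    Only a GET of the root is sent; the action=wizardStep1 request the
    advisory describes is deliberately not issued, since it may change settings.
    """
    request = (
        f"GET / HTTP/1.0\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while len(raw) < 65536:  # cap what we buffer from an unknown service
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    status, headers = parse_response(raw)
    return ProbeResult(host, port, status, headers, served_without_auth(status, headers))


# Constructed sample responses used for the self-test; not captured traffic.
SAMPLE_OPEN = (
    b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>administration</body></html>"
)
SAMPLE_CHALLENGE = (
    b"HTTP/1.0 401 Unauthorized\r\n"
    b"WWW-Authenticate: Basic realm=\"administration\"\r\n\r\n"
)
SAMPLE_LOGIN_REDIRECT = b"HTTP/1.0 302 Found\r\nLocation: /login\r\n\r\n"
SAMPLE_NOT_HTTP = b"SSH-2.0-OpenSSH_8.9\r\n"


if __name__ == "__main__":
    import sys

    result = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else ADMIN_PORT)
    verdict = "EXPOSED: no authentication challenge" if result.unauthenticated else "not exposed"
    print(f"{result.host}:{result.port} status={result.status} {verdict}")
```

Run it as `python3 probe.py <host>` from a host that should not be allowed to reach the interface; a "not exposed" verdict (connection refused, a challenge, or a redirect to a login page) shows the port restriction or the authenticating front end is in effect, while a 2xx with no challenge means the administrator package is still reachable without credentials.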

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2009-4657

Affected Products: Xerver

References: Exploit, Fix