Required CVE Record Information
Description
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.
References 4 Total
- securityfocus.com: 20070726 Re: Guidance Software response to iSEC report on EnCase mailing-list
- kb.cert.org: VU#912593 third-party-advisory
- securityfocus.com: 20070802 RE: Re: Guidance Software response to iSEC report on EnCase mailing-list
- http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- securityfocus.com: 20070726 Re: Guidance Software response to iSEC report on EnCase mailing-listx_transferred
- kb.cert.org: VU#912593 third-party-advisoryx_transferred
- securityfocus.com: 20070802 RE: Re: Guidance Software response to iSEC report on EnCase mailing-listx_transferred
- http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf x_transferred