CVE-2005-4202

Name of the Vulnerable Software and Affected Versions LogiSphere version 0.9.9j

Description The issue allows remote attackers to access arbitrary files via specific sequences in the URL, including (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) ".." (dot dot backslash) sequences in the NS-query-pat parameter to the search URL.

Recommendations For LogiSphere version 0.9.9j, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using the source parameter in viewsource.jsp and restrict the use of the NS-query-pat parameter in the search URL until a patch is available.