PT-2006-4981 · Paessler · Ipcheck Server Monitor

Auuw73

Publicado

2006-08-14

Atualizado

2018-10-17

CVE-2006-4140

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IPCheck Server Monitor versions prior to 5.3.3.639/640

Description The issue allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL. This can be achieved by using various encoded sequences such as "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "" backslash).

Recommendations For versions prior to 5.3.3.639/640, update to version 5.3.3.639/640 or later to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-4140

Produtos afetados

Ipcheck Server Monitor

PT-2006-4981 · Paessler · Ipcheck Server Monitor

CVE-2006-4140

Identificadores relacionados

Produtos afetados

Referências · 12