CVE-2007-6317

Name of the Vulnerable Software and Affected Versions BarracudaDrive Web Server versions prior to 3.8

Description The issue allows remote attackers to read arbitrary files by using certain .. (dot dot backslash) sequences in the URL path. Additionally, remote authenticated users can delete arbitrary files or create arbitrary directories via a .. (dot dot backslash) sequence in the dir parameter to "/drive/c/bdusers/USER/".

Recommendations For versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/drive/c/bdusers/USER/" endpoint to minimize the risk of exploitation. Avoid using the dir parameter in the affected endpoint until the issue is resolved.