PT-2007-7317 · Safenet · Safenet Sentinel Keys Server+1

Publicado

2007-12-20

Atualizado

2018-10-15

CVE-2007-6483

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SafeNet Sentinel Protection Server versions 7.0.0 through 7.4.0 SafeNet Sentinel Keys Server version 1.0.3 and possibly earlier versions

Description A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the query string.

Recommendations For SafeNet Sentinel Protection Server versions 7.0.0 through 7.4.0, consider restricting access to sensitive files until a patch is available. For SafeNet Sentinel Keys Server version 1.0.3 and possibly earlier versions, avoid using the query string to access files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2007-6483

Produtos afetados

Safenet Sentinel Keys Server

Safenet Sentinel Protection Server

PT-2007-7317 · Safenet · Safenet Sentinel Keys Server+1

CVE-2007-6483

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13