PT-2008-2376 · Extreme · Extremez-Ip File/Print Server

Luigi Auriemma · Published 2008-02-13 · Updated 2018-10-15 · CVE-2008-0758

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ExtremeZ-IP File and Print Server versions 5.1.2x15 and earlier

Description

The issue allows remote attackers to read arbitrary files, including gif, png, jpg, xml, ico, zip, and html files, via a "..\" (dot dot backslash) sequence in the filename. This is due to multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server.

Recommendations

For ExtremeZ-IP File and Print Server versions 5.1.2x15 and earlier, consider restricting access to the Zidget/HTTP embedded HTTP server until a patch is available. As a temporary workaround, avoid using the ".." sequence in filenames to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2008-0758

Affected products

Extremez-Ip File/Print Server