CVE-2008-1652

Name of the Vulnerable Software and Affected Versions Perlbal versions prior to 1.70

Description A directory traversal issue exists in the serve request multiple function in lib/Perlbal/ClientHTTPBase.pm, allowing remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter when concat get is enabled.

Recommendations For versions prior to 1.70, update to version 1.70 or later to resolve the issue. As a temporary workaround, consider disabling the concat get feature until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.