PT-2009-3977 · Boxalino · Boxalino
Publicado
2009-10-22
·
Atualizado
2018-10-10
·
CVE-2009-1479
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Boxalino versions prior to 09.05.25-0421
Description:
The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the
url parameter of the client/desktop/default.htm file. This enables access to sensitive information.Recommendations:
For versions prior to 09.05.25-0421, update to version 09.05.25-0421 or later to resolve the issue. As a temporary workaround, consider restricting access to the client/desktop/default.htm file to minimize the risk of exploitation. Avoid using the
url parameter in the affected file until the issue is resolved.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Boxalino