PT-2012-5156 · Wangkongbao · Wangkongbao Cns-1000+1

Dillon Beresford · Published 2012-07-17 · Updated 2017-08-29 · CVE-2012-4031

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Wangkongbao CNS-1000 and 1100

Description

Multiple directory traversal vulnerabilities allow remote attackers to read arbitrary files by including a .. (dot dot) in the lang or langid cookie sent to port 85.

Recommendations

For Wangkongbao CNS-1000 and 1100, restrict access to the acloglogin.php file until a patch is available. As a temporary workaround, consider filtering out .. (dot dot) sequences from the lang and langid cookies to prevent directory traversal attacks.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2012-4031

Affected products

Wangkongbao Cns-1000
Wangkongbao Cns-1100