PT-2018-8511 · Parallels · Parallels Remote Application Server

Published: 2018-02-28 · Updated: 2018-03-23 · CVE-2017-9447

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server (RAS) version 15.5 Build 16140

Description: The web interface does not properly validate the file path when a resource under the "RASHTML5Gateway" directory is requested. A remote, unauthenticated attacker can use path traversal sequences to read arbitrary files from the vulnerable system.

Recommendations: For Parallels Remote Application Server (RAS) version 15.5 Build 16140, consider restricting access to the "RASHTML5Gateway" directory until a patch is available. As a temporary workaround, limit the ability to request resources under this directory to prevent path traversal attacks.

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2017-9447

Affected products

Parallels Remote Application Server