PT-2002-3004 · Halycon · Iasp

Published: 2002-12-31 · Updated: 2017-07-29 · CVE-2002-2292

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Halycon Software iASP version 1.0.9
Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095, specifically targeting the Remote Console Applet.
Recommendations: For version 1.0.9, consider restricting access to the Remote Console Applet until a patch is available. As a temporary workaround, limit the ability to send HTTP requests to port 9095 to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2002-2292

Affected Products

Iasp