PT-2005-4890 · Logisphere · Logisphere

Published

2005-12-13

Updated

2017-07-20

CVE-2005-4202

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions LogiSphere version 0.9.9j

Description The issue allows remote attackers to access arbitrary files via specific sequences in the URL, including (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) ".." (dot dot backslash) sequences in the NS-query-pat parameter to the search URL.

Recommendations For LogiSphere version 0.9.9j, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using the source parameter in viewsource.jsp and restrict the use of the NS-query-pat parameter in the search URL until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4202

Affected Products

Logisphere

PT-2005-4890 · Logisphere · Logisphere

CVE-2005-4202

Related Identifiers

Affected Products

References · 9