PT-2006-2935 · Solarwinds · Solarwinds Tftp Server

Chad Loder · Published 2006-04-24 · Updated 2018-10-18 · CVE-2006-1951

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SolarWinds TFTP Server versions 8.1 and earlier

Description

The issue is a directory traversal vulnerability. It allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.

Recommendations

For SolarWinds TFTP Server versions 8.1 and earlier, consider restricting access to the TFTP server until a patch is available. As a temporary workaround, disabling the ability to download files via GET requests may help minimize the risk of exploitation.
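
The filtering flaw from the description, shown as an added example (not SolarWinds code and not part of the original advisory): a filter that deletes "../" in a single pass turns "....//" into "../", while canonicalizing the joined path and checking that it stays under the server root rejects the traversal. TFTP_ROOT, the function names and the file names are assumptions constructed for illustration.

```python
import posixpath

TFTP_ROOT = "/srv/tftp"  # assumed server root, constructed for this example


def strip_once(name: str) -> str:
    """Weak filter: deletes every "../" in one left-to-right pass."""
    return name.replace("\\", "/").replace("../", "")


def weak_resolve(name: str) -> str:
    """Joins the filtered name to the root and never re-checks the result."""
    return posixpath.normpath(posixpath.join(TFTP_ROOT, strip_once(name)))


def is_contained(path: str) -> bool:
    """True when path is the root itself or lies below it (component-wise)."""
    return posixpath.commonpath([TFTP_ROOT, path]) == TFTP_ROOT


def safe_resolve(name: str) -> str:
    """Canonicalize the requested name first, then enforce containment."""
    name = name.replace("\\", "/")
    # Reject NUL bytes, absolute paths and drive-letter prefixes outright.
    if "\x00" in name or name.startswith("/") or name[1:2] == ":":
        raise ValueError("absolute path or NUL byte rejected")
    full = posixpath.normpath(posixpath.join(TFTP_ROOT, name))
    if not is_contained(full):
        raise ValueError("path escapes TFTP root")
    return full


if __name__ == "__main__":
    # Constructed request names; "boot.ini" is only a sample file name.
    for requested in ("images/fw.bin", "../../boot.ini", "....//....//boot.ini"):
        weak = weak_resolve(requested)
        try:
            safe = safe_resolve(requested)
        except ValueError as exc:
            safe = f"rejected ({exc})"
        print(f"{requested!r}: weak={weak} contained={is_contained(weak)} safe={safe}")
```

With the containment check, "....//" is treated as a literal directory name under the root instead of being rewritten into a parent reference.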

Fix

Related Identifiers

CVE-2006-1951

Affected Products

Solarwinds Tftp Server