PT-2007-5205 · Secure Computing · Securityreporter
Published: 2007-07-25 · Updated: 2017-07-29 · CVE-2007-3985
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Secure Computing SecurityReporter version 4.6.3
Description:
A directory traversal issue exists, allowing remote attackers to download arbitrary files by utilizing a .. (dot dot) in the name parameter of the file.cgi endpoint.
Recommendations:
For Secure Computing SecurityReporter version 4.6.3, consider restricting access to the file.cgi endpoint until a patch is available. As a temporary workaround, avoid using the name parameter with .. (dot dot) sequences in the file.cgi endpoint to minimize the risk of exploitation.
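To check whether the endpoint has already been probed, the following added example (not part of the advisory or any vendor tooling) scans web access logs for file.cgi requests whose name parameter contains a .. path segment after percent-decoding. The combined log format, the /cgi-bin/ path, the addresses and the file names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format). The /cgi-bin/ path,
# client addresses and file names are assumptions, not values from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jul/2007:10:00:01 +0000] "GET /cgi-bin/file.cgi?name=report.pdf HTTP/1.1" 200 5120
192.0.2.44 - - [25/Jul/2007:10:00:07 +0000] "GET /cgi-bin/file.cgi?name=../../conf/example.cfg HTTP/1.1" 200 812
192.0.2.44 - - [25/Jul/2007:10:00:09 +0000] "GET /cgi-bin/file.cgi?name=%2e%2e%2fconf%2fexample.cfg HTTP/1.1" 200 812
192.0.2.44 - - [25/Jul/2007:10:00:11 +0000] "GET /cgi-bin/file.cgi?name=%252e%252e%252fexample.cfg HTTP/1.1" 404 0
192.0.2.10 - - [25/Jul/2007:10:00:15 +0000] "GET /cgi-bin/other.cgi?name=../x HTTP/1.1" 404 0
192.0.2.10 - - [25/Jul/2007:10:00:20 +0000] "GET /cgi-bin/file.cgi?name=notes..txt HTTP/1.1" 200 90
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, max_rounds=3):
    # Percent-decode repeatedly so nested encodings are normalised before matching.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    # True only when ".." is a whole path segment, so "notes..txt" is not flagged.
    return ".." in re.split(r"[\\/]", fully_decode(value))

def find_traversal_attempts(log_text):
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/file.cgi"):
            continue
        # parse_qs already decodes once; has_dotdot_segment handles further layers.
        for name in parse_qs(url.query, keep_blank_values=True).get("name", []):
            if has_dotdot_segment(name):
                hits.append((client, int(status), name))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves first attention, since the server answered it with content.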
Affected Products
Securityreporter