PT-2009-2954 · Tftputil · Tftputil Gui

Published: 2009-01-27 · Updated: 2024-02-14 · CVE-2009-0288

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TFTPUtil GUI versions 1.2.0 through 1.3.0

Description: A directory traversal issue allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request, such as "/../" or "/../../". This could potentially expose sensitive information.

Recommendations: For versions 1.2.0 and 1.3.0, consider restricting access to the TFTP server until a fix is available. As a temporary workaround, restrict the use of GET requests that contain directory traversal sequences. Avoid using the TFTPUtil GUI for sensitive operations until the issue is resolved.
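
The check that the workaround above calls for, sketched as an added example (not TFTPUtil's code or its vendor's fix): a filter that parses a TFTP read request (the GET, opcode 1 in RFC 1350) and refuses any filename that would leave the TFTP root. The names `parse_rrq`, `resolve_in_root` and `RejectedRequest` are hypothetical, and the sample packets in the test are constructed.

```python
import struct
from pathlib import Path

OP_RRQ = 1  # TFTP read request opcode (RFC 1350)


class RejectedRequest(Exception):
    """Raised when a read request must be refused instead of served."""


def parse_rrq(packet: bytes):
    """Return (filename, mode) from an RRQ: opcode | filename | 0 | mode | 0."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise RejectedRequest("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise RejectedRequest("malformed RRQ")
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RejectedRequest("non-ASCII filename or mode")


def resolve_in_root(root: Path, filename: str) -> Path:
    """Map a requested name to a path that is guaranteed to stay under root."""
    # Treat "\" like "/": on Windows either one is a path separator.
    parts = [p for p in filename.replace("\\", "/").split("/") if p not in ("", ".")]
    # Refuse ".." components and anything carrying a drive letter ("C:").
    if not parts or any(p == ".." or ":" in p for p in parts):
        raise RejectedRequest(f"traversal or drive reference in {filename!r}")
    root = root.resolve()
    candidate = root.joinpath(*parts).resolve()
    # Re-check after resolution so a symlink inside root cannot point outside it.
    if root not in candidate.parents:
        raise RejectedRequest(f"{filename!r} resolves outside the TFTP root")
    return candidate


def handle_rrq(root: Path, packet: bytes) -> Path:
    """Parse one RRQ datagram and return the only path the server may open."""
    filename, _mode = parse_rrq(packet)
    return resolve_in_root(root, filename)
```

A server or filtering proxy would answer a `RejectedRequest` with a TFTP ERROR packet (error code 2, access violation) and log the refused filename.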

Fix

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2009-0288

Affected Products: Tftputil Gui