PT-2010-1609 · Sysax · Sysax Multi Server

Jonathan Salwan

Published

2010-04-22

Updated

2017-09-19

CVE-2009-4800

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Sysax Multi Server versions 4.3 through 4.5

Description The issue allows remote authenticated users to delete arbitrary files by utilizing a directory traversal technique, specifically by including a ..// (dot dot slash slash) in a DELE command.

Recommendations For versions 4.3 and 4.5, consider restricting access to the DELE command until a patch is available to prevent arbitrary file deletion.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2009-4800

Affected Products

Sysax Multi Server

PT-2010-1609 · Sysax · Sysax Multi Server

CVE-2009-4800

Weakness Enumeration

Related Identifiers

Affected Products

References · 7