PT-2010-3690 · Datatrack · Datatrack System

John Leitch · Published 2010-05-25 · Updated 2017-08-17 · CVE-2010-2079

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

DataTrack System version 3.5

Description

The issue allows remote attackers to bypass intended restrictions on file extensions and read arbitrary files by appending a trailing backslash in a URI. This can be demonstrated by accessing files such as web.config and .ascx.

Recommendations

For DataTrack System version 3.5, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using trailing backslashes in URIs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2079

Affected Products

Datatrack System