PT-2010-5037 · Visual Synapse · Visual Synapse Http Server

Felipe Aragon

Published

2010-10-08

Updated

2018-10-10

CVE-2010-3743

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Visual Synapse HTTP Server versions 0.60 and earlier, 1.0 RC1 through RC3

Description A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the URI. This could potentially expose sensitive information.

Recommendations For versions 0.60 and earlier, and 1.0 RC1 through RC3, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, consider disabling the ability to access files using the .. (dot dot) notation in the URI until a fix is released.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2010-3743

Affected Products

Visual Synapse Http Server

PT-2010-5037 · Visual Synapse · Visual Synapse Http Server

CVE-2010-3743

Weakness Enumeration

Related Identifiers

Affected Products

References · 5