CVE-2012-4680

Name of the Vulnerable Software and Affected Versions IOServer versions prior to 1.0.19.0

Description A directory traversal issue exists in the XML Server of IOServer. This occurs when the Root Directory pathname does not end with a backslash character, allowing remote attackers to access arbitrary files or directories by using the dot dot (..) notation in a URI.

Recommendations For versions prior to 1.0.19.0, update to version 1.0.19.0 or later to resolve the issue. As a temporary workaround, consider ensuring that the Root Directory pathname always includes a trailing backslash character to prevent directory traversal attacks.