PT-2013-5461 · Trustport · Trustport Webfilter
Published
2013-08-16
·
Updated
2017-08-29
·
CVE-2013-5301
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Trustport Webfilter version 5.5.0.2232
Description
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the help.php file. This is achieved by using a .. (dot dot) in the
hf parameter.Recommendations
For Trustport Webfilter version 5.5.0.2232, consider restricting access to the help.php file until a patch is available. As a temporary workaround, avoid using the
hf parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trustport Webfilter