CVE-2014-9181

Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 0.9.9.3

Description The issue allows remote attackers to read arbitrary files by using a .. (dot dot) in the URI to access certain directories, such as "manage/" or "web/". Additionally, remote authenticated users can read arbitrary files via a .. (dot dot) in the URI to "resources/".

Recommendations For versions prior to 0.9.9.3, update to version 0.9.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "manage/", "web/", and "resources/" directories until the update is applied.