Performance Guard Arbitrary File Read & Traversal

2013.08.30
Credit: Kerem Kocaer
Risk: Medium
Local: No
Remote: Yes


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer <kerem.kocaer(at)gmail(dot)com> Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by intercepting and modifying the file path in an HTTP request to "uploadreader.jsp". The vulnerability is confirmed to exist in version 6.1.27. Other versions may also be vulnerable. Exploit ------- This issue can be exploited with a web browser and a proxy tool to intercept and modify parameters sent to: http://[address]/logreader/uploadreader.jsp Fix --- The vendor has reported fixing the problem in version 6.2.102. Bug Fix PG-8050 (http://capawiki.capasystems.com/display/pgdoc/PG+6.2.102) Timeline -------- 2013-05-16 Provided details to CapaSystems 2013-06-07 Performance Guard version 6.2.102 released (with Bug fix PG-8050) Reference --------- CVE Number: CVE-2013-5216

Referencje:

http://www.capasystems.com/it-performance-monitorin


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top