Summary
This host is running Arkeia Appliance and is affected by a path traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to perform directory traversal attacks and read arbitrary files on the affected application.
arbitrary data.
Solution
For updates refer to http://www.arkeia.com/
Insight
Path traversal enables attackers access to files and directories outside the web root through relative file paths in the user input.
Affected
Arkeia Appliance Version 10.2.7 and prior.
Detection
Send a crafted HTTP POST request and check is it possible to read a system file.
References
Severity
Classification
-
CVE CVE-2014-2846 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- ALCASAR Remote Code Execution Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability