Summary
BitDefender is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Impact
Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.
Solution
Update to BitDefender GravityZone 5.1.11.432 or later.
Insight
Arbitrary files can be downloaded using an HTTP GET request:
Affected
BitDefender GravityZone <= 5.1.5.386
Detection
Send a specially crafted HTTP GET request and check the response.
References
Severity
Classification
CVE: CVE-2014-5350
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N