Brio Unix Directory Traversal Network Vulnerability

Summary

The Brio web application interface has a directory traversal in the component 'odscgi'. An attacker may exploit this flaw to read arbitrary files on the remote host by submitting a URL like : http://www.example.com/ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd

Solution

Check www.brio.com for updated software.

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat source.jsp malformed request information disclosure
Apache Struts2/XWork Remote Command Execution Vulnerability
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Archiva Multiple Vulnerabilities

Take action and discover your vulnerabilities