IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities Network Vulnerability

Summary

This host is running IOServer and is prone to multiple directory traversal vulnerabilities.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Upgrade to IOServer version 1.0.19.0 or later, For updates refer to http://www.ioserver.com/

Insight

The flaws are due to improper validation of URI containing ../ (dot dot) sequences, which allows attackers to read arbitrary files via directory traversal attacks.

Affected

IOServer version 1.0.18.0 and prior

References

http://seclists.org/fulldisclosure/2012/Aug/223
http://www.foofus.net/?page_id=616

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4680
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server Multiple Vulnerabilities
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
IIS 5.0 Sample App reveals physical path of web root
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
bozohttpd Security Bypass Vulnerability

Take action and discover your vulnerabilities