The host is running Sockso and is prone to directory traversal vulnerability.

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Upgrade to Sockso version 1.5.1 or later. For updates refer to http://sockso.pu-gh.com/

The flaw is due to improper validation of URI containing '../' or '..\' sequences, which allows attackers to read arbitrary files via directory traversal attacks.

Sockso version 1.5 and prior

• http://packetstormsecurity.org/files/110828/sockso_1-adv.txt
• http://www.exploit-db.com/exploits/18605/
• http://www.securityfocus.com/bid/52509/info

---

Updated on 2015-03-25