Virtual Vertex Muster Web Interface Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running Virtual Vertex Muster and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Upgrade to Virtual Vertex Muster version 6.2.0 or later. For updates refer to http://www.vvertex.com/index.php

Insight

The flaw is due to improper validation of URI containing ../(dot dot) sequences, which allows attackers to read arbitrary files via directory traversal attacks.

Affected

Virtual Vertex Muster version 6.1.6

References

http://secunia.com/advisories/46991
http://www.securelist.com/en/advisories/46991
http://www.security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4714
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

@Mail WebMail Email Body HTML Injection Vulnerability
/cgi-bin directory browsable ?
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
AlienForm CGI script
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities