Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks.


The vendor has released Security Definition update v2.0.4 that addresses these vulnerabilities.


Related Vulnerabilities