atvise webMI2ADS Multiple Vulnerabilities


Description   Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
For more information:
SA46338
The vulnerabilities are reported in versions prior to 2.0.2 for Windows XP Embedded.
     
Vulnerable Products   Vulnerable Software:
atvise webMI2ADS 2.x
     
Solution   Update to version 2.0.2 for Windows XP Embedded.
     
CVE   CVE-2011-4883
CVE-2011-4882
CVE-2011-4881
CVE-2011-4880
     
References   Luigi Auriemma:
http://aluigi.altervista.org/adv/webmi2ads_1-adv.txt
ICSA-12-102-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2012-04-12 

 Target Type 
Server 

 Possible exploit 
Remote