Description
Luigi Auriemma has discovered a vulnerability in SpecView, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed via web requests is not properly verified before being used to read files. This can be exploited to disclose arbitrary files via directory traversal sequences.
Successful exploitation requires the "Web Server" option to be enabled (disabled by default).
The vulnerability is confirmed in version 2.5 Build 853. Other versions may also be affected.

Vulnerable Products
Vulnerable Software: SpecView 2.x

Solution
Update to version 2.5 Build 854.

CVE
CVE-2012-5972

References
SpecView:
http://www.specview.com/html/release_notes.html
Luigi Auriemma:
http://aluigi.altervista.org/adv/specview_1-adv.txt

Vulnerability Manager Detection
No

IPS Protection