Description
hinge has reported a vulnerability in IOServer, which can be exploited by malicious people to disclose certain sensitive information.
Input appended to the URL is not properly sanitised before being used to display files. This can be exploited to download and disclose the contents of arbitrary files via directory traversal sequences.
Successful exploitation requires that "XML Server" is enabled and that the "Root Directory" setting does not contain a trailing backslash.
The vulnerability is reported in version 1.0.18.0. Prior versions may also be affected.
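The advisory does not say how IOServer maps URL input to files, so the following is an added example, not IOServer code: a root-containment check that gives the same answer whether or not the configured root ends in a backslash, next to a naive prefix test that does not. All paths, requests and function names are constructed for illustration.

```python
import ntpath  # Windows path rules on any OS; IOServer roots use backslashes
from typing import Optional
from urllib.parse import unquote


def naive_inside(root: str, candidate: str) -> bool:
    # General pitfall, not claimed to be IOServer's logic: a raw string-prefix
    # test depends on whether the configured root ends in a backslash.
    return ntpath.normpath(candidate).startswith(root)


def resolve_under_root(root: str, url_path: str) -> Optional[str]:
    """Map a URL path to a file below root; return None if it would escape."""
    rel = unquote(url_path)  # decode exactly once
    if "\x00" in rel or "%" in rel:  # NUL byte or leftover (double) encoding
        return None
    rel = rel.replace("/", "\\").lstrip("\\")
    if ntpath.splitdrive(rel)[0]:  # "C:..." would replace the root in join()
        return None
    root_n = ntpath.normpath(root)  # drops any trailing backslash
    candidate = ntpath.normpath(ntpath.join(root_n, rel))  # collapses ".."
    # Compare case-insensitively and on a component boundary.
    root_cmp = ntpath.normcase(root_n).rstrip("\\") + "\\"
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp + "\\" == root_cmp or cand_cmp.startswith(root_cmp):
        return candidate
    return None


# Constructed sample values, not taken from the advisory.
ROOTS = ["C:\\IOServer\\www", "C:\\IOServer\\www\\"]
REQUESTS = ["/data/tags.xml", "/../../Windows/win.ini",
            "/..%5Cwww-private%5Csecret.txt", "/%252e%252e/boot.ini"]

if __name__ == "__main__":
    for root in ROOTS:
        for req in REQUESTS:
            print(f"{root!r:24} {req!r:36} -> {resolve_under_root(root, req)!r}")
```

The strict check rejects file names that legitimately contain `%`; relax that test only if such names must be served.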
Vulnerable Products
Vulnerable Software: IOServer 1.x
Solution
Update to version 1.0.19.0.
CVE
CVE-2012-4680
References
http://www.foofus.net/?page_id=616
Vulnerability Manager Detection
No
IPS Protection