IBM Power Systems lighttpd Directory Traversal Vulnerability


Description   IBM has acknowledged a vulnerability in IBM Power Systems, which can be exploited by malicious people to disclose potentially sensitive information.
For more information:
SA57333 (#2)
Please see the vendor's advisory for a list of affected versions.
     
Vulnerable Products   Vulnerable OS:
IBM Power SystemsVulnerable Software:
     
Solution   Update to a fixed version. Please see the vendor's advisory for details.
     
CVE   CVE-2014-2324
     
References   IBM:
http://www.ibm.com/support/docview.wss?uid=isg3T1022165
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2015-05-04 

 Target Type 
Server 

 Possible exploit 
Remote