|
Description
|
|
A vulnerability has been reported in OfficeWatch Call Accounting, which can be exploited by malicious people to disclose sensitive information.
Certain input passed to the web interface is not properly verified before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.
The vulnerability is reported in version 2011.06.20. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
OfficeWatch Call Accounting
|
|
|
|
|
|
Solution
|
|
Filter malicious characters and character sequences using a proxy.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://archives.neohapsis.com/archives/fulldisclosure/2011-10/0117.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
