ipMonitor Encoded Traversal Arbitrary File Access

This script is Copyright (C) 2007-2015 SensePost

Synopsis :

The remote web server is affected by a directory traversal

Description :

SensePost discovered a directory traversal flaw affecting
ipMonitor versions 8.0 and 8.5. By sending the web server a specially
formed request containing a series of '%2f..' sequences, an
unauthenticated attacker can traverse outside the web root and
obtain files from the remote file system.
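
A defensive log check for the request pattern described above, as an added example that is not part of the original plugin or advisory. It flags requests whose path contains a '..' segment after repeated percent-decoding, which goes beyond the literal '%2f..' form to cover mixed-case and double-encoded variants. The log lines, addresses, file name and common-log-format layout are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /%2f..%2f..%2f..%2fplaceholder.txt HTTP/1.1" 200 94
192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /%252F..%252F..%252Fplaceholder.txt HTTP/1.1" 404 0
192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET /docs/v1..2/notes.html HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(target):
    """True if the decoded request path contains a '..' path segment."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    # Compare whole segments so names such as 'v1..2' are not flagged.
    return ".." in path.split("/")


def scan(log_text):
    """Return (client, target, status) for each request with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A flagged request that was answered with status 200 is the one to triage first, since the server returned content for it.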

See also :


Solution :

Upgrade to ipMonitor 8.5, Build 1163 or later.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Web Servers

Nessus Plugin ID: 29697 (ipmonitor_traversal.nasl)

Bugtraq ID: