ipMonitor Encoded Traversal Arbitrary File Access

This script is Copyright (C) 2007-2013 SensePost


Synopsis :

The remote web server is affected by a directory traversal
vulnerability.

Description :

SensePost discovered a directory traversal flaw affecting ipMonitor
versions 8.0 and 8.5. By sending the web server a specially crafted
request containing a series of '%2f..' sequences, an unauthenticated
attacker can traverse out of the web root and obtain files from the
remote file system.
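
For defenders reviewing web server logs, the following added example (not part of the SensePost plugin or of ipMonitor) flags requests whose path climbs above the web root once percent-encoding is decoded, including double-encoded forms. It assumes Common Log Format; the log lines, the file name `example.txt` and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.66 - - [01/Jan/2008:10:00:05 +0000] "GET /%2f..%2f..%2f..%2fexample.txt HTTP/1.1" 200 90
192.0.2.10 - - [01/Jan/2008:10:00:09 +0000] "GET /images/../logo.png HTTP/1.1" 200 2048
192.0.2.66 - - [01/Jan/2008:10:00:12 +0000] "GET /%252f..%252f..%252fexample.txt HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2008:10:00:20 +0000] "GET /search?q=a%2fb HTTP/1.1" 200 300
"""

# Captures the client address and the raw request target.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are caught too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_web_root(raw_target):
    """True if the request path, once decoded, climbs above the web root."""
    # Only the path is inspected; the query string is dropped first.
    path = fully_decode(raw_target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        if depth < 0:  # more ".." than directories entered so far
            return True
    return False


def suspicious_requests(log_text):
    """Return (client, raw_target) for every log line that escapes the root."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match and escapes_web_root(match.group(2)):
            hits.append((match.group(1), match.group(2)))
    return hits


if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(client, target)
```

Tracking depth rather than matching the literal string '..' keeps benign in-root paths such as `/images/../logo.png` from being reported.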

See also :

https://support.ipmonitor.com/releasehistory.aspx

Solution :

Upgrade to ipMonitor 8.5, Build 1163 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 29697 (ipmonitor_traversal.nasl)

Bugtraq ID:

CVE ID: