ipMonitor Encoded Traversal Arbitrary File Access

medium Nessus Plugin ID 29697

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

SensePost discovered a directory traversal flaw affecting ipMonitor versions 8.0 and 8.5. By sending the web server a specially crafted request containing a series of '%2f..' sequences, an unauthenticated attacker can traverse outside the web root and obtain files from the remote file system.
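For detection, the following added example (not part of the Nessus plugin or of ipMonitor) scans web access log lines for the '%2f..' sequences described above and reports whether the decoded path actually climbs above the web root. The Common Log Format layout, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# '%2f..' as named in the advisory, matched case-insensitively on the raw target
ENCODED_TRAVERSAL = re.compile(r"%2f\.\.", re.IGNORECASE)
# Request line inside a Common Log Format entry (assumed log layout)
REQUEST_LINE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def escapes_root(target):
    """True if the percent-decoded path steps above the web root."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:          # climbed past the root directory
                return True
        else:
            depth += 1
    return False

def scan(log_lines):
    """Return (line_no, target, sequence_count, escapes_root) per suspicious line."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        target = match.group(1)
        count = len(ENCODED_TRAVERSAL.findall(target))
        if count:
            hits.append((line_no, target, count, escapes_root(target)))
    return hits

# Constructed sample log lines (documentation addresses, placeholder file name)
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2007:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [13/Dec/2007:10:00:05 +0000] "GET /%2f..%2f..%2f..%2fexample.txt HTTP/1.1" 200 1024',
    '192.0.2.10 - - [13/Dec/2007:10:00:09 +0000] "GET /docs/%2f../img/logo.png HTTP/1.1" 200 2048',
    '192.0.2.77 - - [13/Dec/2007:10:00:12 +0000] "GET /%2F..%2F..%2Fexample.txt HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for line_no, target, count, escaped in scan(SAMPLE_LOG):
        verdict = "ESCAPES WEB ROOT" if escaped else "stays inside web root"
        print(f"line {line_no}: {count} x '%2f..' in {target} -> {verdict}")
```

A hit that escapes the web root and returned status 200 on an unpatched build is the case to triage first; hits that stay inside the root are lower priority.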

Solution

Upgrade to ipMonitor 8.5, Build 1163 or later.

See Also

https://support.ipmonitor.com/releasehistory.aspx

Plugin Details

Severity: Medium

ID: 29697

File Name: ipmonitor_traversal.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 12/13/2007

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N