BitDefender Update Server HTTP Request Traversal Arbitrary File Access

high Nessus Plugin ID 30021

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

The version of BitDefender Update Server running on the remote host fails to sanitize request strings of directory traversal sequences, which allows an unauthenticated attacker to read files outside the web server's document directory.

Note that the server runs with LocalSystem privileges by default.

Solution

Apply the patch referenced in the vendor advisory.

See Also

https://www.securityfocus.com/archive/1/486701/30/0/threaded

Plugin Details

Severity: High

ID: 30021

File Name: bitdefender_update_server_dir_traversal.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 1/21/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:bitdefender:update_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-0396

BID: 27358

CWE: 22