icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CProxy Directory Traversal Arbitrary File Access / DoS

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running CProxy, a Web/Mail proxy server. This version of CProxy is vulnerable to a flaw where a remote attacker can download any file from the server (even outside the webroot) by using a '../' type of query. In addition, if the requested file is a .exe which does not exist, then the server may crash. At the least, this would cause a Denial of Service (DoS) against the service and attached users.

Solution

No solution is known at this time.