icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Sentinel Protection Server < 7.4.1 Directory Traversal File Access

Medium

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running the Sentinel Protection Server. This version of Sentinel is vulnerable to a flaw where specially formatted HTTP requests, like 'GET /..\..\..\..\..\..\winnt\win.ini', will cause the server to return potentially confidential data from outside of the web directories.

Solution

Upgrade to version 7.4.1 or higher.