Detections
Analytics

Adobe Breeze Directory Traversal Arbitrary File Access

medium Nessus Plugin ID 22868

Language:

Synopsis

The remote web server is prone to a directory traversal attack.

Description

The remote web server appears to be Adobe Breeze, a web-based video conferencing system.

The version of Adobe Breeze installed on the remote host reportedly has an issue with URL parsing. While specific information about the issue is currently not available, a remote attacker may be able to exploit this to view arbitrary files on the affected host.

Solution

Upgrade as necessary to Breeze 5.1 SP2 and install the patch as described in the vendor advisory referenced above.

See Also

https://www.adobe.com/support/security/bulletins/apsb06-16.html

Plugin Details

Severity: Medium

ID: 22868

File Name: adobe_breeze_5_1_172.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 10/14/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:adobe:breeze_licensed_server

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/10/2006

Vulnerability Publication Date: 10/10/2006

Reference Information

CVE: CVE-2006-5200

BID: 20438