Portable SDK for UPnP Devices (libupnp) HTTP Arbitrary File Write
Medium Nessus Plugin ID 93221
SynopsisAn HTTP server running on the remote host is affected by a remote arbitrary file write vulnerability.
DescriptionThe Portable SDK for UPnP Devices (libupnp) running on the remote host is affected by a flaw that is triggered when handling HTTP POST or GET requests. An unauthenticated, remote attacker can exploit this to write arbitrary files to the web server file system.
SolutionNo patch or upgrade currently exists. If libupnp is used as a third-party library by a different application, contact the vendor of that application for a fix.