CProxy Directory Traversal Arbitrary File Access / DoS
Medium Nessus Network Monitor Plugin ID 2670
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running CProxy, a Web/Mail proxy server. This version of CProxy is vulnerable to a flaw where a remote attacker can download any file from the server (even outside the webroot) by using a '../' type of query. In addition, if the requested file is a .exe which does not exist, then the server may crash. At the least, this would cause a Denial of Service (DoS) against the service and attached users.
SolutionNo solution is known at this time.