Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 2883

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running 602Pro LAN SUITE, an application that provides web, FTP, telnet, DNS, RealAudio, SSL services and proxying. This version of 602Pro LAN SUITE is vulnerable to a remote directory traversal attack through the 'A' parameter of the 'mail' script. An attacker exploiting this flaw would simply supply a typical '../../' directory traversal sequence in the 'A' parameter. Successful exploitation would give the attacker access to any files on the remote system, resulting in a loss of confidentiality.

Solution

Upgrade to version 2004.0.05.0509 or higher.

Plugin Details

Severity: Medium

ID: 2883

File Name: 2883.prm

Family: Web Servers

Published: 2005/05/06

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-1423

BID: 13519

OSVDB: 16069