Sentinel Protection Server < 7.4.1 Directory Traversal File Access
Medium Nessus Network Monitor Plugin ID 4297
SynopsisThe remote host is vulnerable to a directory traversal flaw.
DescriptionThe remote host is running the Sentinel Protection Server.
This version of Sentinel is vulnerable to a flaw where specially formatted HTTP requests, like 'GET /..\..\..\..\..\..\winnt\win.ini', will cause the server to return potentially confidential data from outside of the web directories.
SolutionUpgrade to version 7.4.1 or higher.