RaidenHTTPD <= 2.0.19 workspace.php ulang Parameter Directory Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 4319
Synopsis: The remote host is vulnerable to a directory traversal flaw.
Description: The remote host is running RaidenHTTPD, a web server for Windows. Specifically, the 'ulang' parameter of the 'raidenhttpd-admin/workspace.php' script fails to adequately parse user-supplied data. A request containing '../' would allow an attacker to gain access to files outside the web root.
Solution: Upgrade to a version higher than 2.0.19.
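Detection example (added here, not part of the plugin or of RaidenHTTPD): a log review that flags requests to 'raidenhttpd-admin/workspace.php' whose 'ulang' value contains a '..' path segment. It assumes access logs in common log format and constructed sample lines; treating percent-encoded and backslash forms as equivalent goes beyond the '../' case the description names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "raidenhttpd-admin/workspace.php"   # script named in the description
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format assumed, addresses from 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=en HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=../../example.txt HTTP/1.1" 200 211',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=..%2f..%2fexample.txt HTTP/1.0" 200 211',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?ulang=../x HTTP/1.1" 404 0',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so nested encodings are compared in one form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True when the value contains a '..' path segment after normalization."""
    normalized = decode_fully(value).replace("\\", "/")  # Windows accepts both separators
    return ".." in normalized.split("/")

def suspicious_requests(lines):
    """Return the log lines that request the admin script with a traversal in 'ulang'."""
    hits = []
    for line in lines:
        match = REQ.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Windows paths are case-insensitive, so compare in lower case.
        if not decode_fully(url.path).lower().endswith(TARGET):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("ulang", [])
        if any(is_traversal(v) for v in values):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a host still running 2.0.19 or earlier is worth reviewing for which file was returned.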