Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CProxy Directory Traversal Arbitrary File Access / DoS

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running CProxy, a Web/Mail proxy server. This version of CProxy is vulnerable to a flaw where a remote attacker can download any file from the server (even outside the webroot) by using a '../' type of query. In addition, if the requested file is a .exe which does not exist, then the server may crash. At the least, this would cause a Denial of Service (DoS) against the service and attached users.

Solution

No solution is known at this time.