
RaidenHTTPD <= 2.0.19 workspace.php ulang Parameter Directory Traversal Arbitrary File Access

Medium

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running RaidenHTTPD, a web server for Windows. The 'ulang' parameter of the 'raidenhttpd-admin/workspace.php' script fails to adequately sanitize user-supplied data. A request containing '../' in that parameter would allow an attacker to gain access to files outside the web root.
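To check whether this flaw has been probed on a host, the following added example (not part of the original advisory or of RaidenHTTPD) scans web access logs for requests to the script whose 'ulang' value contains a '..' path segment after decoding. It assumes logs in common log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter name are taken from the advisory.
TARGET_PATH = "/raidenhttpd-admin/workspace.php"
PARAM = "ulang"
# Assumption: the request line appears quoted, as in common/combined log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value has a '..' segment ('/' or '\\' separated)."""
    segments = re.split(r"[\\/]", fully_decode(value))
    return ".." in segments

def suspicious_requests(log_lines):
    """Return request targets hitting workspace.php with a traversal in ulang."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if fully_decode(url.path).lower() != TARGET_PATH:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if any(is_traversal(v) for v in values):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=../../example HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /raidenhttpd-admin/workspace.php?ulang=%252e%252e%255cexample HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?ulang=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("possible traversal:", target)
```

Only query-string values are visible in access logs, so a 'ulang' value sent in a POST body would need request-body logging or a proxy to be seen by this check.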

Solution

Upgrade to a version higher than 2.0.19.