Computalynx CProxy Directory Traversal Vulnerability
BID:12722
Info
| Bugtraq ID: | 12722 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2005 12:00AM |
| Updated: | Mar 03 2005 12:00AM |
| Credit: | Discovery is credited to Kristof Philipsen. |
| Vulnerable: | Computalynx CProxy Server 3.4.4, Computalynx CProxy Server 3.4.3, Computalynx CProxy Server 3.4.1, Computalynx CProxy Server 3.3 SP2 |
| Not Vulnerable: | |
Discussion
CProxy is reported to be prone to a remote directory traversal vulnerability. The issue arises from insufficient sanitization of user-supplied data. A remote user may exploit it to disclose arbitrary files and cause a denial of service condition.
It is reported that an attacker can simply issue an HTTP GET request including directory traversal sequences to carry out this attack.
Exploit / POC
An exploit is not required.
The following proof of concept is available:
GET http://../../[file] HTTP/1.0
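A check for the request shape shown above, usable in a filter or log review in front of the proxy. This is an added example, not part of the original advisory or CProxy's own code; the function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")

def _fully_decode(text, max_rounds=3):
    """Percent-decode until stable so nested encodings of '.' and '/' are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def has_dot_dot_segment(target):
    """True if the authority or any path segment of the request target is '..'."""
    target = re.split(r"[?#]", target, maxsplit=1)[0]  # drop query / fragment
    target = _SCHEME.sub("", target)                   # absolute-form -> host/path
    segments = re.split(r"[/\\]", _fully_decode(target))
    return ".." in segments

def check_request_line(line):
    """Return 'allow' or 'reject: <reason>' for one HTTP request line."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "reject: malformed request line"
    if has_dot_dot_segment(parts[1]):
        return "reject: traversal sequence in request target"
    return "allow"

# Constructed sample request lines (hypothetical hosts and paths).
SAMPLES = [
    "GET http://../../[file] HTTP/1.0",                          # shape from the advisory
    "GET http://example.com/index.html HTTP/1.0",                # ordinary proxied request
    "GET http://example.com/a/%2e%2e/%2e%2e/x HTTP/1.0",         # same segments, percent-encoded
    "GET http://example.com/files/..hidden/readme.txt HTTP/1.0", # '..' inside a name, not a segment
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check_request_line(line):45} {line}")
```

The check compares whole segments after decoding, so a filename that merely contains two dots is not rejected.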
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].