Raz-Lee Security+++ Suite Input Validation Vulnerability
BID:13310
Info
| Bugtraq ID: | 13310 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2005 12:00AM |
| Updated: | Apr 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to "Shalom Carmel" <[email protected]>. |
| Vulnerable: | Raz-Lee Security+++ Suite |
| Not Vulnerable: | |
Discussion
Raz-Lee Security+++ Suite is prone to an input validation vulnerability. Reports indicate that the software fails to filter potentially dangerous character sequences from user requests. In particular, directory traversal sequences are not filtered by the product.
This vulnerability may lead to a false sense of security, where an administrator believes that they are immune to certain attacks, when in reality they are vulnerable.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
It is reported that the vendor has addressed this issue. This is not confirmed. Customers are advised to contact the vendor for details regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Security+++ Suite Homepage (Raz-Lee)
- Canonicalization and directory traversal in iSeries FTP security products ("Shalom Carmel")