ArsDigita Community System Directory Traversal Vulnerability

Bugtraq ID:	22121
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 18 2007 12:00AM
Updated:	Jan 19 2007 04:29AM
Credit:	Elliot Kendall is credited with the discovery of this vulnerability.
Vulnerable:	Ars Digita Community System (ACS) 3.4.10 Ars Digita Community System (ACS) 3.4.9 Ars Digita Community Education Solution (ACES) 1.1
Not Vulnerable:	Ars Digita OpenACS 0 Ars Digita Community System (ACS) 4.2 Ars Digita ACS-Java 4.7.4 Ars Digita ACS-Java 4.0 Ars Digita ACS-Java 3.4

ArsDigita Community System Directory Traversal Vulnerability

ArsDigita Community System is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

ArsDigita Community System Directory Traversal Vulnerability

Attackers can exploit this issue via a web client.

A sample URI has been provided:

• /data/vulnerabilities/exploits/22121.html

ArsDigita Community System Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

ArsDigita Community System Directory Traversal Vulnerability

References: