AVTECH PageR Enterprise Directory Traversal Vulnerability

Bugtraq ID:	30987
Class:	Input Validation Error
CVE:	CVE-2008-3939
Remote:	Yes
Local:	No
Published:	Sep 02 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Corey LeBleu and r_at_b13$ of Digital Defense, Inc. Vulnerability Research Team
Vulnerable:	AVTECH PageR Enterprise 4.3.7
Not Vulnerable:

AVTECH PageR Enterprise Directory Traversal Vulnerability

AVTECH PageR Enterprise is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's web interface.

Exploiting this issue will allow an attacker to view arbitrary local files outside of the PageR Enterprise web root. Information harvested may aid in launching further attacks.

PageR Enterprise 4.3.7 is vulnerable; other versions may also be affected.

AVTECH PageR Enterprise Directory Traversal Vulnerability

An attacker can exploit this issue via readily available tools.

AVTECH PageR Enterprise Directory Traversal Vulnerability

Solution:
Reports indicate that the vendor has addressed this issue in PageR Enterprise 5.0.7, but Symantec was unable to confirm this information. Please see the references for more information.

AVTECH PageR Enterprise Directory Traversal Vulnerability

References:

• AVTECH Homepage (AVTECH)
  
• PageR Enterprise Homepage (AVTECH)
  
• SECOPS Advisories (Digital Defense)