Date: Mon, 29 Aug 2011 13:56:41 GMT
Subject: DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal

DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal


Date Discovered
July 15, 2011

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@...$

Vulnerability Description
The Axway SecureTransport device contains a directory traversal
vulnerability in the '/icons/' directory. An unauthenticated remote
attacker can use this vulnerability to obtain arbitrary files from the
root file system of the vulnerable host.

Solution Description
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.

Patch download: Axway Customers can download the patch using their support account at
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes

See the Patch Readme file which is available on the vendor website for additional information.

Tested Systems / Software
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for
SecureTransport 4.8.x, 4.9.x, 5.0, and 5.1 and determined
that the vulnerability exists only on the Windows platform
for SecureTransport 4.8.x.
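
For hosts that have not yet received the patch, one way to review web access logs for requests addressed to '/icons/' that resolve outside that directory. This is an added example, not code from the advisory, Digital Defense or Axway; the log layout (Common Log Format style), the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: access log lines carry the request line in double quotes,
# as in Common Log Format. Adjust the pattern to the real log layout.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
PREFIX = "/icons/"

def normalize(raw_path, max_rounds=3):
    """Return (decoded path, canonical path) for a raw request target."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):          # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")       # Windows accepts both separators
    return path, posixpath.normpath(path)

def is_icons_traversal(raw_path):
    """True if a request addressed to /icons/ resolves outside /icons/."""
    decoded, resolved = normalize(raw_path)
    if not decoded.lower().startswith(PREFIX):
        return False
    return not (resolved.lower() + "/").startswith(PREFIX)

def scan(lines):
    """Return (line_number, raw_path) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_icons_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2011:13:00:01 +0000] "GET /icons/folder.gif HTTP/1.1" 200 225',
    '192.0.2.44 - - [29/Aug/2011:13:00:07 +0000] "GET /icons/../../placeholder.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [29/Aug/2011:13:00:09 +0000] "GET /icons/%2e%2e%5c%2e%2e%5cplaceholder.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [29/Aug/2011:13:00:11 +0000] "GET /icons/%252e%252e/placeholder.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [29/Aug/2011:13:00:15 +0000] "GET /icons/small/../folder.gif HTTP/1.1" 200 225',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

A hit with a 200 status and a non-trivial response size deserves closer review than one answered with an error, since it suggests a file was actually returned.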

Vendor Contact
Vendor Name: Axway

Vendor Support
Phone: +1-866-AXWAY-US or
- Go to
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.
