Message-Id: <201108291356.p7TDuf5G026843@sf01web1.securityfocus.com>
Date: Mon, 29 Aug 2011 13:56:41 GMT
From: ddivulnalert@...frontline.com
To: bugtraq@...urityfocus.com
Subject: DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal

Title
-----
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal

Severity
--------
High

Date Discovered
---------------
July 15, 2011

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@...$

Vulnerability Description
-------------------------
The Axway SecureTransport device contains a directory traversal 
vulnerability in the '/icons/' directory. An unauthenticated remote 
attacker can use this vulnerability to obtain arbitrary files from 
the root file system of the vulnerable host.

Solution Description
--------------------
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.

Patch download: Axway Customers can download the patch using their support account at https://support.axway.com
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes

See the Patch Readme file which is available on the vendor website for additional information.

Tested Systems / Software
-------------------------
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for 
SecureTransport 4.8.x, 4.9.x, 5.0, and 5.1 and determined 
that the vulnerability only exists on the Windows platform 
for SecureTransport 4.8.x

Vendor Contact
--------------
Vendor Name: Axway

Vendor Support
Email: support@...ay.com
Phone: +1-866-AXWAY-US or
- Go to https://support.axway.com
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.
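
Added example (not part of the DDI advisory or Axway's patch): a log-review helper for the '/icons/' traversal described under Vulnerability Description, for checking whether an unpatched host was probed. The advisory does not publish the request form, so the detector assumes generic dot-dot path segments (plain, percent-encoded or backslash-separated) and a common/combined access-log layout; the sample entries are constructed.

```python
import re
from urllib.parse import unquote

# Assumed common/combined log layout: client IP first, quoted request line, then status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_icons_traversal(target):
    """True if the request path is under /icons/ and contains a '..' segment."""
    # Drop the query string, decode, and treat Windows backslashes as separators.
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith("/icons/"):
        return False
    return ".." in path.split("/")

def find_suspects(lines):
    """Return (client_ip, raw_target, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_icons_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2011:13:00:01 +0000] "GET /icons/folder.gif HTTP/1.1" 200 225',
    '198.51.100.7 - - [29/Aug/2011:13:00:05 +0000] "GET /icons/../../example.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Aug/2011:13:00:09 +0000] "GET /icons/%2e%2e%5c%2e%2e%5cexample.txt HTTP/1.1" 404 0',
    '203.0.113.4 - - [29/Aug/2011:13:01:00 +0000] "GET /icons/a..b.png HTTP/1.1" 200 100',
    '203.0.113.4 - - [29/Aug/2011:13:01:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, target, status in find_suspects(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A hit with a 200 status on a SecureTransport 4.8.x Windows host that predates Patch 12 is the case to escalate, since the response may have returned file contents.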
