| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201308291330.r7TDU1iK019769@sf01web3.securityfocus.com> Date: Thu, 29 Aug 2013 13:30:01 GMT From: kerem.kocaer@...il.com To: bugtraq@...urityfocus.com Subject: CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer <kerem.kocaer(at)gmail(dot)com> Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by intercepting and modifying the file path in an HTTP request to "uploadreader.jsp". The vulnerability is confirmed to exist in version 6.1.27. Other versions may also be vulnerable. Exploit ------- This issue can be exploited with a web browser and a proxy tool to intercept and modify parameters sent to: http://[address]/logreader/uploadreader.jsp Fix --- The vendor has reported fixing the problem in version 6.2.102. Bug Fix PG-8050 (http://capawiki.capasystems.com/display/pgdoc/PG+6.2.102) Timeline -------- 2013-05-16 Provided details to CapaSystems 2013-06-07 Performance Guard version 6.2.102 released (with Bug fix PG-8050) Reference --------- CVE Number: CVE-2013-5216
Powered by blists - more mailing lists