lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2AD2DC78-3DFC-42A8-AD9F-253B54BB7902@ddifrontline.com>
Date: Mon, 29 Aug 2011 09:00:50 -0500
From: ddivulnalert <ddivulnalert@...frontline.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2011-32 Axway SecureTransport '/icons/'
	Directory Traversal

Title
-----
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal

Severity
--------
High

Date Discovered
---------------
July 15, 2011

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@...$

Vulnerability Description
-------------------------
The Axway SecureTransport device contains a directory traversal in 
the '/icons/' directory. An unauthenticated remote attacker can use this 
vulnerability to obtain arbitrary files from the root file system of the 
vulnerable host.

Solution Description
--------------------
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.

Patch download: Axway Customers can download the patch using their support account at https://support.axway.com
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes

See the Patch Readme file which is available on the vendor website for additional information.

Tested Systems / Software
-------------------------
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for SecureTransport 4.8.x, 
4.9.x, 5.0, and 5.1 and determined that the vulnerability only exists on the 
Windows platform for SecureTransport 4.8.x

Vendor Contact
--------------
Vendor Name: Axway

Vendor Support
Email: support@...ay.com
Phone: +1-866-AXWAY-US or
- Go to https://support.axway.com
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ