Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11988
Category:Remote file access
Title:FSP Suite Directory Traversal Vulnerability
Summary:The FSP Suite (daemon) has been found to improperly filter out; paths with trailing / or starting with /. This would allow an attacker; access to files that reside outside the bounding FSP root directory.
Description:Summary:
The FSP Suite (daemon) has been found to improperly filter out
paths with trailing / or starting with /. This would allow an attacker
access to files that reside outside the bounding FSP root directory.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 9377
Common Vulnerability Exposure (CVE) ID: CVE-2003-1022
http://www.securityfocus.com/bid/9377
Computer Incident Advisory Center Bulletin: O-048
http://www.ciac.org/ciac/bulletins/o-048.shtml
Debian Security Information: DSA-416 (Google Search)
http://www.debian.org/security/2004/dsa-416
http://www.osvdb.org/3346
XForce ISS Database: fspsuite-dot-directory-traversal(14154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14154
CopyrightCopyright (C) 2004 Noam Rathaus

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.