VID | 22374
Severity | 30
Port | 21700
Protocol | TCP
Class | CGI
Detailed Description |
The 3Com Network Supervisor software is vulnerable to directory traversal. 3Com Network Supervisor is a network monitoring application for Microsoft Windows operating systems. 3Com Network Supervisor version 5.0.2 and earlier versions allow a remote attacker to traverse directories and view files residing outside of the Web root. By sending a specially crafted URL containing "dot dot" sequences (../) to port 21700, a remote attacker could read arbitrary files outside of the Web root directory with the privileges of the Web service.
* References: http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities
* Platforms Affected: 3Com Network Supervisor version 5.0.2 and earlier versions; Microsoft Windows 2000 (any version); Microsoft Windows XP (any version) |
Recommendation |
Apply the appropriate Critical Update 1, as listed on the SecurityFocus Web site at http://www.securityfocus.com/bid/14715/solution |
Related URL | CVE-2005-2020 (CVE)
Related URL | 14715 (SecurityFocus)
Related URL | 22098 (ISS)
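An added example, not part of the original record or of 3Com's software: a log check that flags requests to port 21700 whose path still climbs above the Web root after normalisation, and keeps the response status so served requests can be triaged first. The log line format, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

SERVICE_PORT = 21700  # port named in the record above

# Hypothetical log format (assumption): src_ip dst_port "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+) [^"]*" (\d{3})$')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def escapes_web_root(target):
    """True if the request path climbs above the Web root once normalised."""
    path = fully_decode(target.split("?", 1)[0])
    path = path.replace("\\", "/")  # Windows also treats backslash as a separator
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # one more ".." than directories entered
                return True
        else:
            depth += 1
    return False

def find_traversal_attempts(lines, port=SERVICE_PORT):
    """Return (src_ip, target, status) for escaping requests sent to `port`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(2)) != port:
            continue
        src, _, _, target, status = m.groups()
        if escapes_web_root(target):
            hits.append((src, target, int(status)))
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 21700 "GET /index.html HTTP/1.0" 200',
    '192.0.2.44 21700 "GET /../../notes.txt HTTP/1.0" 200',
    '192.0.2.44 21700 "GET /images/../logo.gif HTTP/1.0" 200',
    '192.0.2.51 21700 "GET /%2e%2e%5c%2e%2e%5cnotes.txt HTTP/1.0" 404',
    '192.0.2.51 80 "GET /../x HTTP/1.0" 404',
]
```

A hit with status 200 means the service answered the escaping request and deserves review before the ones that were refused.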