VID |
22418 |
Severity |
30 |
Port |
8080, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IPCheck Server Monitor is affected by a directory traversal vulnerability. IPCheck Server Monitor is a network resource monitoring tool for Microsoft Windows platforms. Versions 5.3.2.609 and earlier could allow a remote attacker to traverse directories on the server. By sending a specially crafted URL request to the Web interface containing encoded "dot dot" sequences, such as %2f.. (encoded / slash), /..../ (multiple dot), and /..%255c (double-encoded \ backslash), a remote attacker could traverse directories and read arbitrary files on the affected system.
* References:
  http://www.securityfocus.com/archive/1/442822/30/0/threaded
  http://secunia.com/advisories/21468/
* Platforms Affected:
  PAESSLER, IPCheck Server Monitor 4.3.1.368
  PAESSLER, IPCheck Server Monitor 4.3.1.382
  PAESSLER, IPCheck Server Monitor 5.1.0.342
  PAESSLER, IPCheck Server Monitor 5.2.0.404
  PAESSLER, IPCheck Server Monitor 5.3.0.508
  PAESSLER, IPCheck Server Monitor 5.3.2.609
  Microsoft Windows Any version |
Recommendation |
Upgrade to the latest version of IPCheck Server Monitor (v5.3.2.616 or later), available from the IPCheck Server Monitor Download Web site at http://www.paessler.com/ipcheck/download |
Related URL |
CVE-2006-4140 (CVE) |
Related URL |
19473 (SecurityFocus) |
Related URL |
28341 (ISS) |
|
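For reviewing Web interface logs until the upgrade is in place, the following added example (not part of the advisory or of any vendor code) flags request targets that use the three encodings named in the description. It generalizes them to any dot-only path segment and any nesting depth of percent-encoding; the function names, the `MAX_ROUNDS` bound, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: cap on nested percent-encoding layers to unwrap
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2006:10:01:02 +0000] "GET /sensors/list.htm?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Aug/2006:10:03:17 +0000] "GET /images%2f..%2f..%2fexample.txt HTTP/1.1" 200 211',
    '192.0.2.44 - - [12/Aug/2006:10:03:19 +0000] "GET /..../..../example.txt HTTP/1.1" 200 211',
    '192.0.2.44 - - [12/Aug/2006:10:03:21 +0000] "GET /..%255c..%255cexample.txt HTTP/1.1" 200 211',
]

def decode_fully(path):
    """Percent-decode until stable; return (decoded_path, rounds_needed)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def traversal_reasons(request_target):
    """Return the reasons a request target looks like directory traversal."""
    raw_path = request_target.split("?", 1)[0]
    decoded, rounds = decode_fully(raw_path)
    # Windows accepts both separators, so compare on a single one.
    segments = decoded.replace("\\", "/").split("/")
    reasons = []
    if any(len(s) >= 2 and set(s) == {"."} for s in segments):
        reasons.append("dot-only path segment")       # "..", "....", "%2e%2e"
    if rounds >= 2:
        reasons.append("nested percent-encoding")     # e.g. %255c
    if re.search(r"%(?:25)*(?:2f|5c)", raw_path, re.IGNORECASE):
        reasons.append("encoded path separator")      # %2f, %5c, %252f, ...
    return reasons

def scan(lines):
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (reasons := traversal_reasons(m.group(1))):
            hits.append((m.group(1), reasons))
    return hits

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_LOG):
        print(target, "->", ", ".join(reasons))
```

A 200 response on a flagged line is worth following up, since it suggests the server resolved the path rather than rejecting it.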