Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4680

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4680
Last Modified 25 Jul 2013 12:46:00
Published 27 Aug 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4680

Summary

Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.

Vulnerable Systems


References

MISC - http://www.foofus.net/?page_id=616

SECUNIA - 50297

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01


Last Updated: 27 May 2016 11:00:22